Write to a custom asset field (BitLocker)

BitLocker keys, rotate local admin password, third-party UID etc.

Written By Mikel from Gorelo

Last updated 16 days ago

You can write to a custom asset field via scripts. This is useful for things such as BitLocker keys, rotating local admin passwords and third-party UIDs.

In this example, we'll use BitLocker.

Step 1: Create the custom asset field

  1. Navigate to Settings -> Assets -> Custom Fields

  2. Add a custom field with the following details:

    • Name: BitLocker Recovery Key

    • Variable: bitlockerRecoveryKey

Step 2: Create the script

  1. Navigate to Scripts

  2. Create a script with the following details:

    • Name: 🗝️Store-BitlockerRecoveryKey

    • Content:

Example
$ErrorActionPreference = 'SilentlyContinue'

# Get drives where BitLocker is "On"
$BitlockerDrives = Get-BitLockerVolume | Where-Object ProtectionStatus -EQ "On" -ErrorAction SilentlyContinue

# Get FileSystem drives
$Drives = Get-PSDrive -PSProvider FileSystem

# Create array of drive names with ":" added
$DrivesName = @()
$Drives | foreach { $DrivesName += $_.Name + ':' }

# Accumulates the value written to the custom field
$RecoveryKeys = ''

# If any BitLocker-protected drives exist
if ($BitlockerDrives) {
    foreach ($DriveName in $DrivesName) {
        # Find the BitLocker volume for this drive (mount points look like "C:")
        $BitlockerDrive = $BitlockerDrives | where { $_.MountPoint -eq $DriveName }

        if ($BitlockerDrive) {
            # Get the recovery password(s) from the key protectors
            $RecoveryKey = $BitlockerDrive.KeyProtector | Where-Object RecoveryPassword -NE "" | Select-Object -ExpandProperty RecoveryPassword -ErrorAction SilentlyContinue
            # Join if multiple, with ";" as delimiter
            $RecoveryKey = $RecoveryKey -join ";"
            # Prefix the drive letter and add to the other drive keys (if any)
            $RecoveryKeys += "$($BitlockerDrive.MountPoint)$RecoveryKey "
        } else {
            $RecoveryKeys += $DriveName + "Not Enabled "
        }
    }
    GoreloAction -SetCustomField -Name 'asset.bitlockerRecoveryKey' -Value $RecoveryKeys
} else {
    # No BitLocker-protected drives found
    foreach ($DriveName in $DrivesName) {
        $RecoveryKeys += $DriveName + "Not Enabled "
    }
    GoreloAction -SetCustomField -Name 'asset.bitlockerRecoveryKey' -Value $RecoveryKeys
}

Step 3: Deploy the script via a policy

  1. Navigate to Policies

  2. Edit an existing policy that covers the assets you want to store BitLocker Recovery Keys for

  3. Add the '🗝️Store-BitlockerRecoveryKey' script and set it to repeat daily at your preferred time

  4. Save and Distribute the policy
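
To confirm that the field holds usable keys, the following added example (not Gorelo's code) parses a value in the layout the Step 2 script writes and checks each recovery password: 8 groups of 6 digits, each group a multiple of 11 whose quotient fits in 16 bits. The function names are hypothetical and the sample value is constructed.

```powershell
# Added example. Function names are hypothetical; the sample value is constructed.

function Test-RecoveryPassword {
    param([string]$Password)
    # A recovery password is 8 groups of 6 digits separated by hyphens
    if ($Password -notmatch '^\d{6}(-\d{6}){7}$') { return $false }
    foreach ($group in $Password -split '-') {
        $n = [int]$group
        # Each group encodes a 16-bit value multiplied by 11
        if (($n % 11) -ne 0 -or ($n / 11) -ge 65536) { return $false }
    }
    return $true
}

function ConvertFrom-BitlockerField {
    param([string]$Value)
    # One entry per drive: "C:" followed by "Not Enabled" or ";"-joined passwords.
    # An empty body means protection is on but no recovery password protector exists.
    $pattern = '(?<drive>[A-Z]:)(?<body>Not Enabled|[\d;-]*)'
    foreach ($m in [regex]::Matches($Value, $pattern)) {
        $body = $m.Groups['body'].Value
        $keys = @()
        if ($body -ne 'Not Enabled') {
            $keys = @($body -split ';' | Where-Object { $_ })
        }
        $invalid = @($keys | Where-Object { -not (Test-RecoveryPassword $_) })
        [pscustomobject]@{
            Drive     = $m.Groups['drive'].Value
            Protected = ($body -ne 'Not Enabled')
            KeyCount  = $keys.Count
            AllValid  = ($keys.Count -gt 0) -and ($invalid.Count -eq 0)
        }
    }
}

# Constructed sample: C: has a well-formed password, D: is unprotected,
# E: has a password whose first group is not a multiple of 11 (e.g. truncated or mistyped).
$sample = 'C:000011-000022-000033-000044-000055-000066-000077-000088 ' +
          'D:Not Enabled ' +
          'E:123456-000022-000033-000044-000055-000066-000077-000088 '

ConvertFrom-BitlockerField $sample | Format-Table -AutoSize
```

A row with Protected set to True and AllValid set to False marks a drive whose stored value would not unlock it, which is worth catching before the key is needed.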