BitLocker keys, rotate local admin password, third-party UID etc.
Written By Mikel from Gorelo
Last updated 16 days ago
You can write to a custom asset field via scripts. This is useful for things such as BitLocker keys, rotating local admin passwords and third-party UIDs.
In this example, we'll use BitLocker.
Step 1: Create the custom asset field
Navigate to Settings -> Assets -> Custom Fields
Add custom field with the following details
Name: BitLocker Recovery Key
Variable: bitlockerRecoveryKey

Step 2: Create the script
Navigate to Scripts
Create a script with the following details:
Name: 🗝️Store-BitlockerRecoveryKey
Content:
$ErrorActionPreference = 'SilentlyContinue'
# Value that will be written to the custom field
$RecoveryKeys = ''
# Get drives where BitLocker is "On"
$BitlockerDrives = Get-BitLockerVolume | Where-Object ProtectionStatus -EQ "On" -ErrorAction SilentlyContinue
# Get FileSystem drives
$Drives = Get-PSDrive -PSProvider FileSystem
# Create array of drive names with ":" added
$DrivesName = @()
$Drives | ForEach-Object { $DrivesName += $_.Name + ':' }
# If any BitLocker-protected drives exist
if ($BitlockerDrives) {
    # For each drive
    foreach ($DriveName in $DrivesName) {
        # Check whether this drive is BitLocker-protected (match on its mount point, e.g. "C:")
        $BitlockerDrive = $BitlockerDrives | Where-Object { $_.MountPoint -eq $DriveName }
        # If this specific drive is BitLocker-protected
        if ($BitlockerDrive) {
            # Get the recovery key
            $RecoveryKey = $BitlockerDrive.KeyProtector | Where-Object RecoveryPassword -NE "" | Select-Object -ExpandProperty RecoveryPassword -ErrorAction SilentlyContinue
            # Join with a ; delimiter if there are several
            $RecoveryKey = $RecoveryKey -join ";"
            # Add the drive letter to the output
            $RecoveryKey = "$($BitlockerDrive.MountPoint)$RecoveryKey"
            # Add to the other drive keys (if any exist)
            $RecoveryKeys += " $RecoveryKey "
        } else {
            # Trailing space keeps this entry separate from the next drive's entry
            $RecoveryKeys += $DriveName + "Not Enabled "
        }
    }
    GoreloAction -SetCustomField -Name 'asset.bitlockerRecoveryKey' -Value $RecoveryKeys
# If no BitLocker-protected drives were found
} else {
    foreach ($DriveName in $DrivesName) {
        $RecoveryKeys += $DriveName + "Not Enabled "
    }
    GoreloAction -SetCustomField -Name 'asset.bitlockerRecoveryKey' -Value $RecoveryKeys
}
Step 3: Deploy the script via a policy
Navigate to Policies
Edit an existing policy that covers the assets you want to store BitLocker Recovery Keys for
Add the '🗝️Store-BitlockerRecoveryKey' script and set it to repeat daily at your preferred time
Save and Distribute the policy
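
The same three steps cover the local admin password use case mentioned at the top. The script below is an added example, not Gorelo's own: it rotates a local account's password and writes the new value to a custom field only after the change has succeeded. The account name 'LocalAdmin' and the custom field variable 'localAdminPassword' are assumptions; the GoreloAction call is used exactly as in the BitLocker script above.

```powershell
# Added example, not Gorelo's own script. Assumed names: local account
# 'LocalAdmin' and a custom field whose variable is 'localAdminPassword'.
$ErrorActionPreference = 'Stop'             # failures must reach the catch block
$AccountName = 'LocalAdmin'                 # hypothetical account name
$FieldName   = 'asset.localAdminPassword'   # hypothetical custom field

function New-RandomPassword {
    param([int]$Length = 24)
    # Look-alike characters (0/O/o, 1/l/I) are left out of the alphabet
    $Alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%*+-=?@'
    $Rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $Byte  = New-Object byte[] 1
    $Chars = New-Object System.Text.StringBuilder
    # Rejection sampling: drop bytes that would bias the modulo
    $Limit = 256 - (256 % $Alphabet.Length)
    try {
        while ($Chars.Length -lt $Length) {
            $Rng.GetBytes($Byte)
            if ($Byte[0] -lt $Limit) {
                [void]$Chars.Append($Alphabet[$Byte[0] % $Alphabet.Length])
            }
        }
    } finally { $Rng.Dispose() }
    $Chars.ToString()
}

$Changed = $false
try {
    $null = Get-LocalUser -Name $AccountName   # throws if the account is missing
    $Password = New-RandomPassword
    $Secure   = ConvertTo-SecureString $Password -AsPlainText -Force
    Set-LocalUser -Name $AccountName -Password $Secure
    $Changed = $true
    # Only reached when the change succeeded, so the field never holds
    # a password that was not actually applied to the account
    GoreloAction -SetCustomField -Name $FieldName -Value $Password
} catch {
    if ($Changed) { Write-Output "Password for ${AccountName} changed but NOT stored: $($_.Exception.Message)" }
    else { Write-Output "Rotation failed for ${AccountName}, old password still valid: $($_.Exception.Message)" }
    exit 1
}
```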