BitLocker keys, rotate local admin password, third-party UID etc.
Written By Mikel from Gorelo
Last updated 16 days ago
You can write to a custom asset field via scripts. This is useful for things such as BitLocker keys, rotating local admin passwords and third-party UIDs.
In this example, we'll use Windows Install Date.
Step 1: Create the custom asset field
Navigate to Settings -> Assets -> Custom Fields
Add a custom field with the following details:
Name: Windows Install Date
Variable: windowsInstallDate
Step 2: Create the script
Navigate to Scripts
Create a script with the following details:
Name: 🗝️Store-WindowsInstallDate
Content:
# Initialize array to store all valid dates
$allDates = @()
# Method 1: Win32_OperatingSystem class
$osInfo = Get-WmiObject Win32_OperatingSystem
$installDate = $osInfo.ConvertToDateTime($osInfo.InstallDate)
$allDates += $installDate
Write-Host "OS Installation Date (from Win32_OperatingSystem): $($installDate.ToString('MM/dd/yyyy'))" -ForegroundColor White
# Method 2: Registry installation date
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$registryInstallDate = Get-ItemProperty -Path $registryPath | Select-Object -ExpandProperty InstallDate
$registryInstallDateTime = (Get-Date "1970-01-01 00:00:00.000Z").AddSeconds($registryInstallDate)
$allDates += $registryInstallDateTime
Write-Host "Registry Installation Date: $($registryInstallDateTime.ToString('MM/dd/yyyy'))" -ForegroundColor White
# Method 3: Earliest system restore point (with proper date parsing)
try {
    $restorePoints = Get-ComputerRestorePoint | Sort-Object -Property CreationTime
    if ($restorePoints) {
        $earliestRestorePoint = [datetime]::ParseExact($restorePoints[0].CreationTime.ToString(), "yyyyMMddHHmmss.ffffff-000", $null)
        $allDates += $earliestRestorePoint
        Write-Host "Earliest System Restore Point: $($earliestRestorePoint.ToString('MM/dd/yyyy'))" -ForegroundColor White
    }
}
catch {
    Write-Host "Unable to retrieve or parse system restore points." -ForegroundColor Yellow
}
# Method 4: Windows.old folder date (if exists)
$windowsOldPath = "$env:SystemDrive\Windows.old"
if (Test-Path $windowsOldPath) {
    $windowsOldDate = (Get-Item $windowsOldPath).CreationTime
    $allDates += $windowsOldDate
    Write-Host "Windows.old Folder Creation Date: $($windowsOldDate.ToString('MM/dd/yyyy'))" -ForegroundColor White
}
# Filter out any null dates and find the oldest
$validDates = $allDates | Where-Object { $_ -ne $null }
$oldestDate = $validDates | Sort-Object | Select-Object -First 1
Write-Host "`nOldest detected date (likely original deployment): $($oldestDate.ToString('MM/dd/yyyy'))" -ForegroundColor Green
# Format date for Gorelo (date only)
$goreloDateString = Get-Date $oldestDate -Format "yyyy-MM-dd"
# Set Gorelo custom field with the oldest date
try {
    GoreloAction -SetCustomField -Name '$gorelo:asset.windowsInstallDate' -Value $goreloDateString
    Write-Host "Successfully updated Gorelo custom field" -ForegroundColor Green
} catch {
    Write-Host "Error updating Gorelo custom field: $($_.Exception.Message)" -ForegroundColor Red
}
# Display difference between oldest and newest dates for verification
$newestDate = $validDates | Sort-Object | Select-Object -Last 1
$dateDifference = New-TimeSpan -Start $oldestDate -End $newestDate
Write-Host "`nDate range span: $($dateDifference.Days) days" -ForegroundColor Cyan
Write-Host "Newest date found: $($newestDate.ToString('MM/dd/yyyy'))" -ForegroundColor Cyan
Step 3: Deploy the script via a policy
Navigate to Policies
Edit an existing policy that covers the assets you want to store BitLocker Recovery Keys for
Add the '🗝️Store-WindowsInstallDate' script and set it to repeat daily at your preferred time
Save and Distribute the policy
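The same pattern applied to the BitLocker use case mentioned at the top, as an added example that is not Gorelo's own script. It assumes a custom field whose variable is bitlockerRecoveryKey (a hypothetical name, created as in Step 1) and reuses the GoreloAction call shown in Step 2; the recovery password is written to the field but kept out of the script output.

```powershell
# Added example, not Gorelo's own script. Assumes a custom asset field whose
# variable is 'bitlockerRecoveryKey' (hypothetical; create it as in Step 1).
$mountPoint = $env:SystemDrive

try {
    $volume = Get-BitLockerVolume -MountPoint $mountPoint -ErrorAction Stop
}
catch {
    Write-Host "Unable to query BitLocker on ${mountPoint}: $($_.Exception.Message)" -ForegroundColor Red
    return
}

# Only store a key for a volume that is actually protected.
if ($volume.ProtectionStatus -ne 'On') {
    Write-Host "BitLocker protection is not on for $mountPoint; nothing stored." -ForegroundColor Yellow
    return
}

# A volume can carry several protectors (TPM, PIN, ...); keep recovery passwords only.
$recovery = @($volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recovery.Count -eq 0) {
    Write-Host "No RecoveryPassword protector on $mountPoint; nothing stored." -ForegroundColor Yellow
    return
}

# Store the protector ID with each key so the right one can be picked at recovery time.
$entries = foreach ($p in $recovery) {
    # A recovery password is eight groups of six digits; skip anything else.
    if ($p.RecoveryPassword -match '^(\d{6}-){7}\d{6}$') {
        "$($p.KeyProtectorId) $($p.RecoveryPassword)"
    }
}
if (-not $entries) {
    Write-Host "Recovery password had an unexpected format; nothing stored." -ForegroundColor Red
    return
}
$fieldValue = $entries -join '; '

try {
    GoreloAction -SetCustomField -Name '$gorelo:asset.bitlockerRecoveryKey' -Value $fieldValue
    # Report a count only, never the key itself, so it stays out of script output.
    Write-Host "Stored $(@($entries).Count) recovery key(s) for $mountPoint" -ForegroundColor Green
}
catch {
    Write-Host "Error updating Gorelo custom field: $($_.Exception.Message)" -ForegroundColor Red
}
```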