BitLocker keys, rotate local admin password, third-party UID etc.
Written By Mikel from Gorelo
Last updated 16 days ago
You can write to a custom asset field via scripts. This is useful for things such as BitLocker keys, rotating local admin passwords and third-party UID’s.
In this example, we'll use Windows Product Key.
Step 1: Create the custom asset field
Navigate to Settings -> Assets -> Custom Fields
Add custom field with the following details
Name: Windows Product Key
Variable: windowsProductKey

Step 2: Create the script
Navigate to Scripts
Create a script with the following details:
Name: 🗝️Store-WindowsProductKey
Content:
Example# Get Windows Product Key and update Gorelo custom field
try {
# Get Windows Product Key using WMI
$productKey = (Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
if ([string]::IsNullOrEmpty($productKey)) {
# If OA3xOriginalProductKey is empty, try getting it from registry
$regPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform'
$regValue = 'BackupProductKeyDefault'
$productKey = (Get-ItemProperty -Path $regPath -Name $regValue -ErrorAction SilentlyContinue).$regValue
}
if ([string]::IsNullOrEmpty($productKey)) {
# If still empty, try another registry method
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId"
$digitalId = (Get-ItemProperty -Path $regPath).DigitalProductId
# Convert Digital Product ID to Product Key
$keyOffset = 52
$isWin8 = ([math]::Floor($digitalId[66] / 6) -band 1)
$productKey = ""
$chars = "BCDFGHJKMPQRSTVWXY2346789"
for ($i = 24; $i -ge 0; $i--) {
$r = 0
for ($j = 14; $j -ge 0; $j--) {
$r = ($r * 256) -bxor $digitalId[$j + $keyOffset]
$digitalId[$j + $keyOffset] = [math]::Floor($r / 24)
$r = $r % 24
}
$productKey = $chars[$r] + $productKey
if (($i % 5) -eq 0 -and $i -ne 0) {
$productKey = "-" + $productKey
}
}
}
if (![string]::IsNullOrEmpty($productKey)) {
# Update Gorelo RMM custom field
GoreloAction -SetCustomField -Name '$gorelo:asset.WindowsProductKey' -Value $productKey
Write-Output "Successfully updated Windows Product Key in Gorelo"
} else {
Write-Error "Could not retrieve Windows Product Key"
exit 1
}
} catch {
Write-Error "Error: $($_.Exception.Message)"
exit 1
}
Step 3: Deploy the script via a policy
Navigate to Policies
Edit an existing policy that covers the assets you want to store the Windows Product Key for
Add the '🗝️Store-WindowsProductKey' script and set to Run Once or repeat at your preferred interval
Save and Distribute the policy