Method to escrow a Windows Bitlocker key to Crypt-Server.
Crypt-Server was first meant to recover filevault keys from Mac OS operating systems. If you're a Multi-OS Client Platform Engineer like myself, I needed a way to manage other OS encryption keys without having to use yet another portal per OS.
Provided is a generic script. Kept this simple as I'm sure others can functionalize it.
Get-LoggedOnUser.ps1- This scipt was pulled from TechNet.- I've included the current one in this repo.
- We will need to use
Get-LoggedOnUser.ps1to get the currently active user logged into Windows.
- Windows 10 Enterprise
- Windows 10 Pro
Depends on the method or management system you plan to use.
$crypt_url- Your Crypt-Server.$serial- This code might need a bit more depending on the manufacturers you plan to use. Some show up asSystem Serial Number.
- Since the
Get-LoggedOnUser.ps1file is not signed by a certificate, I am callingPowershellwith aByPass. This all depends on your execution policy.- InfoSec might not like this, so the recommended way is to sign all code deployed.
- Please ensure these files are in the same directory when executing.
powershell.exe -noprofile -executionpolicy bypass -file .\bitlocker2crypt.ps1