I was hoping someone could show me how to retrieve the BitLocker recovery password using the following WMI information:
Path = \root\cimv2\security\microsoftvolumeencryption
The value can be retrieved using the GetKeyProtectorNumericalPassword method of the Win32_EncryptableVolume class.
I've looked in the WMI area of the Winbatch database and all of the scripts seem to show how to get the properties of a class but not how to execute a method of a class.
Any help would be appreciated.
Perhaps it is a misunderstanding of the terms or something, but there are many examples of executing WMI class methods in the Tech Database. From the script writer's perspective there isn't really much difference between the two since both can have parameters. The main difference being that you can use an assignment operator on a property when setting it.
Given the information in my previous post, could you please show me how to write it properly so the recovery key information is retrieved?
As previously mentioned in another thread, use the previous example provided as a response as a starting point:
http://forum.winbatch.com/index.php?topic=1090.msg5119#msg5119
As for the parameter values, you have to figure that out based on MSFT's documentation. Those are unique to your system and may vary based on how the system is configured. We have no way of telling you those bits of information. The method's documentation can be found here:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376439%28v=vs.85%29.aspx
The GetKeyProtectors method also looks interesting:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376441%28v=vs.85%29.aspx
The example at the bottom of the page may be of some use.
A search using your search engine of choice may find additional information or a user who has actually used this stuff may provide additional insights.
In looking over the example provided, the GetConversionStatus method does not require an in parameter whereas the GetKeyProtectorNumericalPassword needs the input parameter VolumeKeyProtectorID. If I'm understanding this correctly, I would need to pass that input parameter to the GetKeyProtectorNumericalPassword method in order to get the desired information. Could you please assist me with doing that?
Most COM Automation methods accept [in] parameters. An [out] parameter is the rarity and usually the one that generates a WinBatch related question, i.e., how do I pass an out parameter variable to a method. But you already have the answer to that question via the 2013 example.
BitLocker is a Microsoft product. A logical place to find out about a Microsoft product is Microsoft's online documentation for the product. Did you notice that the link to the 'GetKeyProtectors' method I posted has the 'VolumeKeyProtectorID' [out] parameter that is the same name as the 'VolumeKeyProtectorID' [in] parameter to 'GetKeyProtectorNumericalPassword'? It took less than a minute to find that method doing a simple web search on 'GetKeyProtectorNumericalPassword' and 'VolumeKeyProtectorID'. If this information isn't enough info to enable you to call the 'GetKeyProtectorNumericalPassword' method, I am sure a little more digging on Microsoft's site will answer any remaining questions.
Attached is a nice PowerShell breakdown of BitLocker. WB can run PS scripts, but I haven't tested as such. I signed the script so it will run in PS w/out elevated privileges (the author posted w/out a sign).
Since this is a "WinBatch" forum, a quick and dirty WinBatch example...
strComputer = '.'
objWMIService = GetObject('winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\':strComputer:'\root\cimv2\security\microsoftvolumeencryption')
colItems = objWMIService.ExecQuery ('Select * from Win32_EncryptableVolume WHERE DriveLetter="I:"')
ForEach objInstance In colItems
   ; Check for object.
   If !objInstance Then Continue
   If ObjectTypeGet(objInstance) == "EMPTY" Then Continue
   NumericalPassword = ""
   VolumeKeyProtectorIds = 0
   objInstance.GetKeyProtectors(0,VolumeKeyProtectorIds)
   forEach VolumeKeyProtectorId in VolumeKeyProtectorIds
      ; GetKeyProtectorNumericalPassword can error on some VolumeKeyProtectorID values
      nErrorMode = ErrorMode(@Off)
      objInstance.GetKeyProtectorNumericalPassword(VolumeKeyProtectorID, NumericalPassword)
      nLastError = LastError()
      ErrorMode(nErrorMode)
      if !nLastError
         Message('Drive I ':VolumeKeyProtectorID, NumericalPassword)
      endif
   next
Next
Exit
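
The same two-step call sequence (GetKeyProtectors, then GetKeyProtectorNumericalPassword) in PowerShell, as an added example that is not from any poster in this thread. It assumes an elevated session, reuses the drive letter I: from the WinBatch script, and passes KeyProtectorType 3 (numerical password) instead of 0, so only protectors that actually hold a recovery password are returned and the second call has nothing to fail on.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell session.
$ns    = 'root\cimv2\security\microsoftvolumeencryption'
$drive = 'I:'   # assumption: same drive letter as the WinBatch example above

# Bind to the Win32_EncryptableVolume instance for the drive.
$volume = Get-CimInstance -Namespace $ns -ClassName Win32_EncryptableVolume `
                          -Filter "DriveLetter='$drive'"
if (-not $volume) {
    throw "No Win32_EncryptableVolume instance found for $drive"
}

# Step 1: GetKeyProtectors. The [in] KeyProtectorType of 3 restricts the result
# to numerical-password protectors; 0 (as in the WinBatch script) returns all types.
$protectors = Invoke-CimMethod -InputObject $volume -MethodName GetKeyProtectors `
                               -Arguments @{ KeyProtectorType = [uint32]3 }
if ($protectors.ReturnValue -ne 0) {
    throw ('GetKeyProtectors failed with 0x{0:X8}' -f $protectors.ReturnValue)
}

# Step 2: feed each returned [out] VolumeKeyProtectorID back in as the [in]
# parameter of GetKeyProtectorNumericalPassword.
$results = foreach ($id in $protectors.VolumeKeyProtectorID) {
    $r = Invoke-CimMethod -InputObject $volume `
                          -MethodName GetKeyProtectorNumericalPassword `
                          -Arguments @{ VolumeKeyProtectorID = $id }
    if ($r.ReturnValue -eq 0) {
        [pscustomobject]@{
            Drive             = $drive
            ProtectorID       = $id
            NumericalPassword = $r.NumericalPassword
        }
    }
    else {
        # Report the failing protector instead of silently skipping it.
        Write-Warning ('Protector {0}: error 0x{1:X8}' -f $id, $r.ReturnValue)
    }
}

if (-not $results) {
    Write-Warning "No numerical-password protector is configured on $drive"
}
$results | Format-List
```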