/build/static/layout/Breadcrumb_cap_w.png

Systems Management Question


Help with CIR Bitlocker Key

05/02/2020 212 views

Hello,

I am trying to get bitlocker encryption keys added to the inventory records. I've read a lot of posts on this which has gotten me pretty far but I seem to be missing some step of the process still. Here is what I have:

I have the Software item in the catalog created. Here it is:

4AeERERfasY7ImIiOJcpwzjm0zNf1dORERE5xb+Zk9ERBTnOIxPREQU5xjsiYiI4hyDPRERUZxjsCciIopzDPatMF1uhfWalMAMZUREROcl4P8BE8BkZsnmf44AAAAASUVORK5CYII=

And then I have the distribution set up. Here it is:

DqkBCr3o82oAAAAASUVORK5CYII=

The distribution is working successfully, but nothing shows up in the CIR still. What am I missing? Thanks!

2 Comments   [ + ] Show comments

Comments

  • I elevated my command prompt with and admin account to run this. (my own account is not an admin). I've also remove the actual ID and Password from the results for security purposes. Thanks

    C:\WINDOWS\system32>manage-bde -protectors C: -get
    BitLocker Drive Encryption: Configuration Tool version 10.0.18362
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume C: []
    All Key Protectors

    TPM:
    ID: {REMOVED FOR SECURITY}
    PCR Validation Profile:
    7, 11
    (Uses Secure Boot for integrity validation)

    Numerical Password:
    ID: {REMOVED FOR SECURITY}
    Password:
    REMOVED FOR SECURITY


    C:\WINDOWS\system32>
  • https://www.itninja.com/blog/view/kace-sma-bitlocker

All Answers

0

Please share what the output looks like if you run the "manage-bde -protectors C: -get" command in a cmd window

Answered 05/02/2020 by: KevinG
4th Degree Black Belt

0

Try it without the speechmarks, so:


ShellCommandTextReturn(cmd.exe /c %windir%\sysnative\manage-bde.exe -protectors -get c:)


Answered 05/04/2020 by: Hobbsy
Red Belt

  • Hi Hobbsy,
    I've tried it without the quotes, no change. Here is the output using psexec to run kdeploy -custominventory. First without quotes, then with quotes. It looks like maybe the system is not recognizing the command I'm issuing. I got the command from this other ITNinja post:
    http://www.itninja.com/blog/view/use-kace-to-store-and-retrieve-bitlocker-recovery-keys


    [2020-05-05.15:06:47][KDeploy:CDeployController::Execu] rule ID [206121] : issuing rule [ShellCommandTextReturn(cmd.exe /c \%windir%\sysnative\manage-bde.exe -protectors -get c:\);]
    [2020-05-05.15:06:47][KLanch_client:KLaunchClient::Lau] KLaunchClient::Launch()
    [2020-05-05.15:06:47][KLanch_client:KLaunchClient::Dum] Launch State: Command="cmd.exe /c \%windir%\sysnative\manage-bde.exe -protectors -get c:\" WorkingDir="" Timeout=3600000 ShouldDetach=0 ShowWindow=0 Redirect_stdout=1 Redirect_stderr=0 Desktop=winsta0\default Using Wait_Override=0
    [2020-05-05.15:06:47][KLanch_client:KLaunchUtils::Does] DoesTokenHaveLSAPriviledges returning: 0
    [2020-05-05.15:06:47][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::Launch() DoesCurrentProcessHaveLSAPriviledges = false
    [2020-05-05.15:06:47][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::LaunchNoSession()
    [2020-05-05.15:06:47][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::SetupStartInfo *Don't CreateStdPipe StdIn Pipe (disabled)
    [2020-05-05.15:06:47][KLanch_client:KLaunchUtils::Buil] BuildCommandPath: Did not find cmd.exe /c \C:\WINDOWS\sysnative\manage-bde.exe -protectors -get c:\ under searchPath='C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Airtame;C:\Program Files (x86)\Sennheiser\SoftphoneSDK\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\adminhammondj\AppData\Local\Microsoft\WindowsApps' tempPath=''
    [2020-05-05.15:06:47][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::LaunchNoSession - CreateProcess returned successfully
    [2020-05-05.15:06:47][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::ReadStdPipe End of ReadStdPipe method
    [2020-05-05.15:06:47][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::Wait WaitForSingleObject failed: status 0, ExitCode 1
    [2020-05-05.15:06:47][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::ProcessResults - End
    [2020-05-05.15:06:47][KDeploy:CDeployController::Execu] rule [206121] statement result: "", FALSE
    [2020-05-05.15:06:47][KDeploy:CDeployController::RunCu] KDeploy finished processing 2 custominventory rules, sending response
    [2020-05-05.15:06:47][KDeploy:CDeployController::RunCu] KDeploy sending response: [;196978:]


    -----------------------------
    [2020-05-05.16:48:58][KDeploy:CDeployController::Execu] rule ID [206121] : issuing rule [ShellCommandTextReturn(cmd.exe /c \"%windir%\sysnative\manage-bde.exe -protectors -get c:\");]
    [2020-05-05.16:48:58][KLanch_client:KLaunchClient::Lau] KLaunchClient::Launch()
    [2020-05-05.16:48:58][KLanch_client:KLaunchClient::Dum] Launch State: Command="cmd.exe /c \"%windir%\sysnative\manage-bde.exe -protectors -get c:\"" WorkingDir="" Timeout=3600000 ShouldDetach=0 ShowWindow=0 Redirect_stdout=1 Redirect_stderr=0 Desktop=winsta0\default Using Wait_Override=0
    [2020-05-05.16:48:58][KLanch_client:KLaunchUtils::Does] DoesTokenHaveLSAPriviledges returning: 0
    [2020-05-05.16:48:58][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::Launch() DoesCurrentProcessHaveLSAPriviledges = false
    [2020-05-05.16:48:58][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::LaunchNoSession()
    [2020-05-05.16:48:58][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::SetupStartInfo *Don't CreateStdPipe StdIn Pipe (disabled)
    [2020-05-05.16:48:58][KLanch_client:KLaunchUtils::Buil] BuildCommandPath: Did not find cmd.exe /c \"C:\WINDOWS\sysnative\manage-bde.exe -protectors -get c:\" under searchPath='C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Airtame;C:\Program Files (x86)\Sennheiser\SoftphoneSDK\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\adminhammondj\AppData\Local\Microsoft\WindowsApps' tempPath=''
    [2020-05-05.16:48:58][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::LaunchNoSession - CreateProcess returned successfully
    [2020-05-05.16:48:58][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::ReadStdPipe End of ReadStdPipe method
    [2020-05-05.16:48:58][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::Wait WaitForSingleObject failed: status 0, ExitCode 1
    [2020-05-05.16:48:58][KLanch_client:KLaunchClientImpl:] KLaunchClientImpl::ProcessResults - End
    [2020-05-05.16:48:58][KDeploy:CDeployController::Execu] rule [206121] statement result: "", FALSE
    [2020-05-05.16:48:58][KDeploy:CDeployController::RunCu] KDeploy finished processing 2 custominventory rules, sending response
    [2020-05-05.16:48:58][KDeploy:CDeployController::RunCu] KDeploy sending response: [;196978:]
0

It's working now. I didn't realize that Hobbsy also meant to remove some of the \ symbols. The command as Hobbsy wrote it did the trick.

Answered 05/05/2020 by: hammondj
White Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ