04/27/2017 3369 views
I have a powershell script that is supposed to harvest the Bitlocker key of a computer, then use that key to force the computer to backup the key to Active Directory. It works when I run it as an administrator by itself. However, when putting it into Kace it doesn't perform as expected.

The script looks like this:
$result = manage-bde -protectors -get c: -type recoverypassword
$id = $result -match "ID" | Out-String
$id = $id.Substring(10)
$revid = $id -replace "`t|`n|`r",""
$finalid = "$revid"
manage-bde -protectors -adbackup c: -id $finalid

Per the documentation I found here, I set up a kscript to run a batch file that calls the powershell script. I have the batch script running the following command:

powershell.exe -ExecutionPolicy Bypass -File "C:\ProgramData\Dell\KACE\kbots_cache\packages\kbots\127\bitlockerBackup.ps1"

The execution policy on the computer is actually set to unrestricted, so that shouldn't be an issue anyway. Any ideas on why this isn't working?

EDIT: I've updated the code to show my latest iteration, wherein I'm only calling the Powershell program once in the batch file. It still doesn't resolve the problem.

3 Comments   [ + ] Show comments


  • Hi pbrandvold, is there a reason for the double powershell.exe command in the begining?
    • The official documentation has it twice. However, I've tried with just calling powershell once and it doesn't help either.
  • Just call it once
  • Did you ever figure this out?
    • Unfortunately no, but honestly I didn't try any of the solutions in the comments - shortly after posting this I ended up creating a script to remote into computers using powershell and run this script through that instead.
      • Thank you. I have tried them to no avail :(.

Community Chosen Answer

That article is odd, I don't know why they hard-code the script dir. I would use "Launch a program"  with these settings:
Directory: $(KACE_SYS_DIR)\WindowsPowerShell\v1.0
File: powershell.exe
Parameters: -nologo -executionpolicy bypass -WindowStyle hidden -file $(KACE_DEPENDENCY_DIR)\bitlockerBackup.ps1
Answered 04/28/2017 by: JasonEgg
Red Belt

All Answers

Is this for x64 machines? if so try to specify the 64 bit powershell using %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe

if the KACE agent is running in 32 bit it will run the 32 bit powershell, which has issues dealing with the OS
Answered 05/16/2017 by: HISDTechGuy
Senior Yellow Belt