How to: Retrieve Bitlocker Encryption Keys from MBAM DB

By Rory Monaghan


I really like storing the encryption key within AD, but customers in the past have opted not to use it in their MBAM setups. This is because they didn’t have the greatest management of their environment in place: there were quite a number of Domain Admins in the company, all of whom could easily access the keys if they chose to. It would be as simple as getting the BitLocker Key Viewer that’s a part of RSAT and browsing to the Computer Object. If you find yourself in this scenario and want a quick way to retrieve keys, you can just run a query on the database.

Keys
You’ll want to navigate to the Recovery and Hardware database and query the RecoveryandHardwareCore.Keys table:

SELECT TOP 1000 [Id]
,[LastUpdateTime]
,[VolumeId]
,[RecoveryKeyId]
,[RecoveryKey]
,[Disclosed]
FROM [MBAM Recovery and Hardware].[RecoveryandHardwareCore].[Keys]

This will list the keys.
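To pull the key for one machine instead of listing the first 1000 rows, the same table can be filtered on the key ID. This is an added example, not part of the original post; it assumes [RecoveryKeyId] holds the key ID that the BitLocker recovery screen displays, and the prefix value is a constructed sample.

```sql
-- Added example (not from the original post).
-- Assumption: [RecoveryKeyId] stores the key ID shown on the BitLocker
-- recovery screen. The CONVERT makes the prefix match work whether the
-- column is a uniqueidentifier or a character type.
USE [MBAM Recovery and Hardware];

-- Constructed sample value: the first 8 characters of the key ID
-- read from the locked machine's recovery screen.
DECLARE @KeyIdPrefix varchar(36) = '1A2B3C4D';

SELECT [RecoveryKeyId]
      ,[RecoveryKey]
      ,[VolumeId]
      ,[LastUpdateTime]
      ,[Disclosed]
FROM [RecoveryandHardwareCore].[Keys]
WHERE CONVERT(varchar(36), [RecoveryKeyId]) LIKE @KeyIdPrefix + '%'
ORDER BY [LastUpdateTime] DESC;  -- most recently updated key first
```

If more than one row comes back, compare the full [RecoveryKeyId] against the ID on the recovery screen before reading out a key.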
