Function Get-BitlockerDriveInformation { <# .SYNOPSIS This function only requires that you are a local administrator, and can tell the decryption information for your BitLocker drives (where available). #> [CmdletBinding()] [OutputType([object[]])] param ( ) $logLead = (Get-LogLeadName) if (!(Test-IsUserLocalAdministrator)) { Write-Warning "$logLead : You do not appear to be an administrator on this machine. Information can not be retrieved." Write-Warning "$logLead : Did you mean to run this with elevated privileges?" return } if ($null -eq (Get-Command Manage-BDE)) { Write-Warning "$logLead : No utilities found to manage BitLocker Device Encryption (missing Manage-BDE). Can not continue." return } $driveRoots = (Get-LocalHardDriveRoots) $return = @() foreach ($root in $driveRoots) { $text = (Manage-BDE -Protectors $root -Get -Type RecoveryPassword) $result = @{ DriveLetter = $root; } $foundBlock = $false $foundPassword = $false $foundError = $false foreach($line in $text) { if ($line.Trim().StartsWith("Numerical Password:")) { $foundBlock = $true } elseif (($foundBlock -eq $true) -and ($line.Trim().StartsWith("Password:"))) { $foundPassword = $true } elseif ($foundPassword -eq $true) { $result.Password = $line.Trim() $result.Status = "Password Retrieved" $foundPassword = $false } elseif ($line.Trim().StartsWith("ERROR:")) { $foundError = $true } elseif ($foundError -eq $true) { $result.Error = $line.Trim() $result.Status = "Error Occurred" } else { Write-Debug "$logLead : Discarded line: $root - $line" } } if (([string]::IsNullOrWhiteSpace($result.Password)) -and ($foundError -eq $false)) { $result.Result = $text $result.Status = "Results indeterminate. Review Result block for more details." } $return += $result } return $return }