- RETRIEVE BITLOCKER RECOVERY KEY WITH KEY ID UPGRADE
- RETRIEVE BITLOCKER RECOVERY KEY WITH KEY ID WINDOWS 10
- RETRIEVE BITLOCKER RECOVERY KEY WITH KEY ID CODE
    ?$filter=SMSID eq 'GUID:3d03b4dd-2007-47da-af02-83800df961c0'

    # Select statement to explicitly return device properties.
    # ODATA syntax to filter to find the specific device using SMSID and passing in the device GUID
    https:///AdminService/v1.0/Device?$filter=SMSID eq 'GUID:3d03b4dd-2007-47da-af02-83800df961c0'&$select=MachineId,ADSiteName,CNLastOnlineTime,CNLastOfflineTime,CNAccessMP,CurrentLogonUser,CoManaged,CA_IsCompliant,ClientVersion,Domain,IsApproved,IsVirtualMachine,LastPolicyRequest,LastMPServerName,LastActiveTime,DeviceOSBuild,CNIsOnInternet,CNIsOnline,MACAddress,SiteCode

The above log entries show 3 calls to the AdminService and although some of the data is obfuscated, we can piece it all together.
    User ASD\Adam requests to read value of recovery key 5eb3baec-4e9b-49f4-9aee-90d3554aef05 on device 16777377 ( CMCB-WS01).
    Get instance of Device with key '16777377'
    Successfully logged on user using user principal name Adam authentication level and exception list up to date.
    User ASD\Adam is allowed because it is validated with current authentication level Default.
    Completing request with response code reason
    Successfully logged on user using user principal name Adam authentication level and exception list not present or expired.
    Successfully validated request from Service Connection Point.
    Received request from the notification channel.
    Processing incoming request for resource, method :, User.

The AdminService is now used as part of the backend that enabled Cloud Attach (formerly Tenant Attach) to integrate into the Microsoft Endpoint Manager Admin Console (we all still just call it Intune :-)). You remember that guy right? It’s been a while since I’ve written anything about it and I can honestly say, it has come a LONG way. Sure sounded like Garth put him up to this. Bryan asked if I knew Supported Ways to extract a Bitlocker recovery key from the ConfigMgr database in a way that marks the key as disclosed and forces the client device to rotate keys. When trying to automate processes around ConfigMgr, there are Ways to do things then there are Supported Ways to do things. Here’s what I know now:

Keying in on the Issue
So much so, that when Bryan Dam came to me demanding to know the keys to BitLocker keys in ConfigMgr, I decided I should figure it out. Recently Garth Jones accused me of knowing something that I knew nothing about and I was very offended by that.