Backup BitLocker Recovery Key with PowerShell – BitLocker is the default encryption for Windows 10 and 11. BitLocker use full-volume encryption that protects your data from lost or stolen devices by encrypting entire drives using AES-128 or AES-256.
It requires a Trusted Platform Module (TPM) for best security, typically automatic on modern Windows Pro/Enterprise systems, and protects data by requiring a recovery key for unauthorized access.
Although useful, BitLocker could become a nightmare for IT support when users forget their passwords. Once a user forgets their password, there’s no way to decrypt or back up the data. To prevent such a case, it’s recommended to back up the BitLocker key regularly.
To make the backup process fast, you can use a PowerShell script. Just make sure you save it in a secure place.
- Open Notepad or another text editor (in this case, I use Notepad++)
- Define the backup location
$BackupPath = “D:\BitLockerBackups”# Create the folder if it doesn’t exist
if (!(Test-Path $BackupPath)) {
New-Item -ItemType Directory -Path $BackupPath | Out-Null
} - Get all BitLocker Volumes
$Volumes = Get-BitLockerVolumeforeach ($Volume in $Volumes) {
$DriveLetter = $Volume.MountPoint.Replace(“:”, “”)
$Timestamp = Get-Date -Format “yyyy-MM-dd_HH-mm” - Backup BitLocker Recovery Key
# Target file name
$ExportFile = Join-Path $BackupPath “Bitlocker_$($DriveLetter)_$($Timestamp).txt”# Export the recovery protector details
$RecoveryKey = $Volume.KeyProtector | Where-Object {$_.KeyProtectorType -eq ‘RecoveryPassword’}if ($RecoveryKey) {
$RecoveryKey | Out-File -FilePath $ExportFile - Save it as *.ps1 file.
- Open powershell as Administrator and run the script from powershell.
Complete code
# Define the backup location
$BackupPath = “D:\BitLockerBackups”# Create the folder if it doesn’t exist
if (!(Test-Path $BackupPath)) {
New-Item -ItemType Directory -Path $BackupPath | Out-Null
}# Get all BitLocker-enabled volumes
$Volumes = Get-BitLockerVolumeforeach ($Volume in $Volumes) {
$DriveLetter = $Volume.MountPoint.Replace(“:”, “”)
$Timestamp = Get-Date -Format “yyyy-MM-dd_HH-mm”# Target file name
$ExportFile = Join-Path $BackupPath “Bitlocker_$($DriveLetter)_$($Timestamp).txt”# Export the recovery protector details
$RecoveryKey = $Volume.KeyProtector | Where-Object {$_.KeyProtectorType -eq ‘RecoveryPassword’}if ($RecoveryKey) {
$RecoveryKey | Out-File -FilePath $ExportFile
}
}
I think it would be good idea to run the script regularly using task scheduler to prevent file lost. If you have question, please leave in comment below. Feel free to share if you think it useful.
Enjoy Backup BitLocker Recovery Key with PowerShell and stay awesome.
Thank you 🙂
