Odd Bitlocker behavior

Not sure how to ask this question. If I do this, I get nothing:

$info = Invoke-Command -ComputerName 'MYCOMPUTER' -ScriptBlock {Get-BitlockerVolume -MountPoint 'C:'}

However, if I do this, I get results:

$info = Invoke-Command -ComputerName 'MYCOMPUTER' -ScriptBlock {(Get-BitlockerVolume -MountPoint 'C:').Keyprotector.RecoveryPassword}

I would like to use the former versus the later. Any ideas on how to make that work?

Thanks in advance.

What does $info | Get-Member show? A string or an object?

It appears to be an object:

PS C:\WINDOWS\system32> $info.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     PSObject                                 System.Object

I should point out that I only see this behavior when I query remote systems using Invoke-Command. Everything local works fine.

What were the members?

Sorry about that Krazy Doug :frowning:

TypeName: Deserialized.Microsoft.BitLocker.Structures.BitLockerVolume

Name MemberType Definition

GetType Method type GetType()
ToString Method string ToString(), string ToString(string format, System.IFormatProvider formatPro…
PSComputerName NoteProperty string PSComputerName=MYCOMPUTER
PSShowComputerName NoteProperty bool PSShowComputerName=True
RunspaceId NoteProperty guid RunspaceId=712fcebf-4af3-4652-b46a-1b52e8e71e11
AutoUnlockEnabled Property {get;set;}
AutoUnlockKeyStored Property System.Boolean {get;set;}
CapacityGB Property System.Single {get;set;}
ComputerName Property System.String {get;set;}
EncryptionMethod Property System.String {get;set;}
EncryptionPercentage Property System.Single {get;set;}
KeyProtector Property Deserialized.System.Collections.ObjectModel.ReadOnlyCollection`1[[Microsoft.BitLoc…
LockStatus Property System.String {get;set;}
MetadataVersion Property System.Int32 {get;set;}
MountPoint Property System.String {get;set;}
ProtectionStatus Property System.String {get;set;}
VolumeStatus Property System.String {get;set;}
VolumeType Property System.String {get;set;}
WipePercentage Property System.Single {get;set;}

I see the Keyprotector property, but it is empty.

Hmm that is odd. I’ll have to find a test system.

Hello Tonyd,

I think that’s the deserialized object problem.
when you use the invoke-command you will get a deserialized object and it is not the real object.
you can enter $info.Keyprotector|gm to check.
when you use invoke-command, the type is System.String

And it dosen’t has the RecoveryPassword property. so you get the empty value.
if you don’t use the invoke-command,

The type of this object is Microsoft.BitLocker.Structures.BitLockerVolumeKeyProtector
then you can get the RecoveryPassword property.

so you must put “get Keyprotector.RecoveryPassword” into the -ScriptBlock {}.

1 Like

Overlooked deserialized. Great call.


Thank you. I will use the second method I posted. Although not desired, I guess I am stuck with it.

Thank you both for the help :slight_smile: