
    How to Access the MBAM BitLocker Recover Keys directly in SQL

    By Ronni Pedersen on January 4, 2016 Cloud and Data Center, Enterprise Mobility, Enterprise Security

    Today I was working with a customer that wanted to upgrade MBAM from 2.0 to 2.5 SP1. It was a simple stand-alone configuration with a two-server setup.

    Deployed exactly like this example: https://support.microsoft.com/en-us/kb/3046555. Great guide.

    The upgrade process is (normally) pretty straightforward. Basically, you need to back up the database, uninstall the old version of MBAM, install the new version of MBAM and then run the configuration wizard. But in this scenario the IIS service didn’t survive the upgrade, so the helpdesk and the self-service portal weren’t working.

    So while we were trying to fix this problem, helpdesk calls for BitLocker recovery keys started to come in. So how do we access the recovery keys without a working portal?

    Luckily everything is stored in SQL, so with a little query and some magic, we can continue to support our users.

    To access the 48-digit recovery key saved in SQL, you need to perform the following steps:

    1. Open the SQL Management Studio, and expand the MBAM_Recovery_and_Hardware database.
    2. Under Tables, select RecoveryAndHardwareCore.Keys.
    3. Right-click RecoveryAndHardwareCore.Keys, and select Select Top 1000 Rows.
    4. This should create a query that will give you a list of all RecoveryKeyId and RecoveryKey values in the database.
    5. If you want to search for a specific recovery key, then you can add the following line to the query:

      WHERE RecoveryKeyId LIKE 'fcc%'
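
The lookup from the steps above as a single T-SQL batch that validates the key ID prefix and returns a key only when the prefix matches exactly one row. This is an added example, not code from the original post; the variable names are hypothetical, and the `Disclosed` column (name taken from the reader comment below, assumed to accept 1 as "true") is an assumption to verify against your schema before running the final statement.

```sql
-- Added example, not from the original post. Run in Management Studio.
USE [MBAM_Recovery_and_Hardware];
SET NOCOUNT ON;

-- Constructed sample: the leading characters of the key ID the user reads
-- from the BitLocker recovery screen ('fcc' is the prefix used in the post).
DECLARE @KeyIdPrefix nvarchar(36) = N'fcc';

-- Key IDs are GUIDs, so accept only hex digits and hyphens. This stops LIKE
-- wildcards (%, _, [) typed by mistake from widening the search.
IF @KeyIdPrefix = N''
   OR REPLACE(@KeyIdPrefix, N'-', N'') LIKE N'%[^0-9A-Fa-f]%'
BEGIN
    RAISERROR(N'Key ID prefix must contain only hex digits and hyphens.', 16, 1);
    RETURN;
END;

DECLARE @Pattern nvarchar(40) = @KeyIdPrefix + N'%';
DECLARE @Matches int;

SELECT @Matches = COUNT(*)
FROM RecoveryAndHardwareCore.Keys
WHERE RecoveryKeyId LIKE @Pattern;

-- Hand out a key only when the prefix identifies exactly one row.
IF @Matches <> 1
BEGIN
    RAISERROR(N'Prefix matches %d keys; ask the user for more characters.',
              16, 1, @Matches);
    RETURN;
END;

SELECT RecoveryKeyId, RecoveryKey
FROM RecoveryAndHardwareCore.Keys
WHERE RecoveryKeyId LIKE @Pattern;

-- Assumption: the Keys table has a Disclosed column (see the reader comment).
-- Flagging the row lets the MBAM client replace the key once the web
-- service is reachable again.
UPDATE RecoveryAndHardwareCore.Keys
SET Disclosed = 1
WHERE RecoveryKeyId LIKE @Pattern;
```

Reading keys this way bypasses the helpdesk portal, so record who requested each key and limit access to the database to the accounts that need it during the outage.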

    That’s it… Enjoy.

    2 Comments

    2. Christoph Voigt on September 25, 2016 10:21

      I highly recommend setting DISCLOSED to true in such cases, otherwise the MBAM client won’t change the recovery key once your portal and web service are up again, leading to an eternally active recovery key (which users like to print out and take with them, because, well, it’s handy).
