Save-ShieldedVMRecoveryKey
Extracts the encrypted BitLocker recovery key from a shielded virtual machine's operating system disk.
Syntax
Save-ShieldedVMRecoveryKey
-VHDPath <String>
-Path <String>
[-Force]
[-WhatIf]
[-Confirm] Save-ShieldedVMRecoveryKey
-DiskNumber <Int32>
-Path <String>
[-Force]
[-WhatIf]
[-Confirm] Description
The Save-ShieldedVMRecoveryKey cmdlet is used to extract the encrypted BitLocker recovery key from a shielded virtual machine's operaing system disk. The key can be obtained from an offline VHDX or an online, mounted disk. The encrypted recovery key can be passed to the Unprotect-ShieldedVMRecoveryKey cmdlet to decrypt the recovery key.
This cmdlet only works with Windows shielded VMs created with a shielding data file created on Windows Server, version 1709 or newer.
Examples
Example 1
PS C:\> Save-ShieldedVMRecoveryKey -VHDPath 'C:\temp\MyShieldedVM.vhdx' -Path 'C:\temp\MyShieldedVMEncryptedRecoveryKey.ebek'Extracts the encrypted recovery key from the "MyShieldedVM.vhdx" file and saves it to the temp directory.
Example 1
PS C:\> Save-ShieldedVMRecoveryKey -DiskNumber 1 -Path 'C:\temp\MyShieldedVMEncryptedRecoveryKey.ebek'Extracts the encrypted recovery key from the second disk (disk number 1) mounted on the system, and saves the recovery key to the temp directory.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DiskNumber
Identifier for the mounted disk containing the OS partition of a Windows shielded VM
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Overwrites the encrypted recovery key file located at the specified path
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Path
Location to save the encrypted recovery key
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VHDPath
Location of the VHDX file for a Windows shielded VM to be searched for an encrypted recovery key
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
None