Save-ShieldedVMRecoveryKey
Extracts the encrypted BitLocker recovery key from a shielded virtual machine's operating system disk.
Save-ShieldedVMRecoveryKey
-VHDPath <String>
-Path <String>
[-Force]
[-WhatIf]
[-Confirm]
Save-ShieldedVMRecoveryKey
-DiskNumber <Int32>
-Path <String>
[-Force]
[-WhatIf]
[-Confirm]
The Save-ShieldedVMRecoveryKey cmdlet is used to extract the encrypted BitLocker recovery key from a shielded virtual machine's operaing system disk. The key can be obtained from an offline VHDX or an online, mounted disk. The encrypted recovery key can be passed to the Unprotect-ShieldedVMRecoveryKey cmdlet to decrypt the recovery key.
This cmdlet only works with Windows shielded VMs created with a shielding data file created on Windows Server, version 1709 or newer.
PS C:\> Save-ShieldedVMRecoveryKey -VHDPath 'C:\temp\MyShieldedVM.vhdx' -Path 'C:\temp\MyShieldedVMEncryptedRecoveryKey.ebek'
Extracts the encrypted recovery key from the "MyShieldedVM.vhdx" file and saves it to the temp directory.
PS C:\> Save-ShieldedVMRecoveryKey -DiskNumber 1 -Path 'C:\temp\MyShieldedVMEncryptedRecoveryKey.ebek'
Extracts the encrypted recovery key from the second disk (disk number 1) mounted on the system, and saves the recovery key to the temp directory.
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Identifier for the mounted disk containing the OS partition of a Windows shielded VM
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Overwrites the encrypted recovery key file located at the specified path
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Location to save the encrypted recovery key
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Location of the VHDX file for a Windows shielded VM to be searched for an encrypted recovery key
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
None
None