Save-Shielded
Syntax
Save-ShieldedVMRecoveryKey
-VHDPath <String>
-Path <String>
[-Force]
[-WhatIf]
[-Confirm]Save-ShieldedVMRecoveryKey
-DiskNumber <Int32>
-Path <String>
[-Force]
[-WhatIf]
[-Confirm]Description
The Save-ShieldedVMRecoveryKey cmdlet is used to extract the encrypted BitLocker recovery key from a shielded virtual machine's operaing system disk. The key can be obtained from an offline VHDX or an online, mounted disk. The encrypted recovery key can be passed to the Unprotect-ShieldedVMRecoveryKey cmdlet to decrypt the recovery key.
This cmdlet only works with Windows shielded VMs created with a shielding data file created on Windows Server, version 1709 or newer.
Examples
Example 1
PS C:\> Save-ShieldedVMRecoveryKey -VHDPath 'C:\temp\MyShieldedVM.vhdx' -Path 'C:\temp\MyShieldedVMEncryptedRecoveryKey.ebek'Extracts the encrypted recovery key from the "MyShieldedVM.vhdx" file and saves it to the temp directory.
Example 1
PS C:\> Save-ShieldedVMRecoveryKey -DiskNumber 1 -Path 'C:\temp\MyShieldedVMEncryptedRecoveryKey.ebek'Extracts the encrypted recovery key from the second disk (disk number 1) mounted on the system, and saves the recovery key to the temp directory.
Required Parameters
Identifier for the mounted disk containing the OS partition of a Windows shielded VM
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Location to save the encrypted recovery key
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Location of the VHDX file for a Windows shielded VM to be searched for an encrypted recovery key
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Optional Parameters
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Overwrites the encrypted recovery key file located at the specified path
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
None