SQl query returning mixed results RRS feed

  • Question

  • Greetings,

    I've been trying to get all of my computers compliant through MBAM, and one thing I've been using to see if keys are stored in the database is this query:

    SELECT MAC.Name, RecoveryKeyId, RecoveryKey,MAC.Id  
    FROM [MBAMRecoveryandHardware].[RecoveryAndHardwareCore].[Keys] 
    join MBAMRecoveryandHardware.RecoveryAndHardwareCore.Machines MAC on [MBAMRecoveryandHardware].[RecoveryAndHardwareCore].[Keys].Id=MAC.Id
    Order By Name

    It appears to work, BUT what we're actually seeing is that the keys that it returns are associated with the wrong systems.  If I run:

     (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector

    On an encrypted notebook, it will return the KeyProtectorID and RecoveryPassword for that system.  That key pair will appear in the query results, but it will be associated with a different system.  If I open the helpdesk portal and type in the KeyProtectorID it will return the correct Recovery key.  Is this query structured improperly or is there something wrong with my DB?


    Monday, November 19, 2018 3:06 PM