1

I have a USB hard drive encrypted with BitLocker:

enter image description here

While it's yet unlocked, in PowerShell I want to retrieve the drive's volume label, so I run a command like this:

Get-WmiObject -Class Win32_Volume |Where-Object {$_.DeviceID -like "\\?\Volume{a54e95ae-3dae-11e4-9cbc-001e673f1fc5}\"} | Select-Object DriveLetter,DeviceID,Label,Name,Caption | FL

But the output doesn't include the volume label:

DriveLetter : I:
DeviceID    : \\?\Volume{a54e95ae-3dae-11e4-9cbc-001e673f1fc5}\
Label       :
Name        : I:\
Caption     : I:\

How can I retrieve the drive's label before unlocking the drive?

Use scenario

The reason I want to obtain the drive's label is so that my PowerShell script can enumerate all of the drives connected to the system, then based on the drive's label unlock the disk using the correct BitLocker recovery key file. Normally I do this using the drive's DeviceID, but in this case I have multiple USB drives that are reporting the same DeviceID...which might end up being another SU question.

I say Reinstate Monica
  • 25,487
  • 19
  • 95
  • 131
  • For anyone that's curious, I *really did* have 3 identical USB drives that had the same GUID. They came from the factory that way. Of course after reformatting them they were assigned unique GUIDs... – I say Reinstate Monica Feb 15 '18 at 03:30

1 Answers1

1

The volume label is encrypted too because it resides on the volume itself, so your only option would be using the volume GUID.

Duplicate GUIDs are statistically very rare (See this thread on the subject), but you're saying your have several USB drives with the same GUID...

I'd suggest you to use Diskpart and reinitialize the drives, thus creating a new GUID for each, as follows:

Diskpart
List Volume
Select Volume <relevant drive letter>
Clean

That would wipe the MBR of the drive, so be careful.

Community
  • 1
EliadTech
  • 2,184
  • 12
  • 11
  • As shown in my screen shot, I can see the drive's volume label despite it being locked (note the *locked* icon). Am I missing something? I can certainly look more closely at the reason the disk GUIDs are identical. Perhaps that has something to do with the fact these USB drives connect via a Seagate GoFlex Desk dock. – I say Reinstate Monica Oct 13 '14 at 23:10
  • I've tried it myself, and the volume label was missing in the "Computer" window. I've done this test using a VHD file (instead USB drive) inside a VM, so maybe that's the reason for the different rersult (though I don't understand why - volume label should be encrypted yet). – EliadTech Oct 13 '14 at 23:39
  • Also, I think it's better to rely on GUIDs - you can't change them directly and they are unique (well, except in your situation, but it's probably due to some weird configuration on your computer). – EliadTech Oct 13 '14 at 23:42
  • I **completely** agree about using volume GUIDs. This situation is the first time I've not been able to rely on them. – I say Reinstate Monica Oct 13 '14 at 23:56
  • So I think you should solve the real problem (which is duplicate GUIDs) instead of looking for an unreliable replacement. – EliadTech Oct 14 '14 at 08:12
  • I will if I have no other option. However, since any sincere effort to fix the duplicate GUIDs will involve destroying data, I must exhaust other options first. – I say Reinstate Monica Oct 14 '14 at 18:10
  • Why destroy? can't you backup the data? – EliadTech Oct 14 '14 at 18:49
  • These *are* archival backup drives, so no, it's not that easy. – I say Reinstate Monica Oct 14 '14 at 19:39
  • Well, then you should try first to unplug the USB dock you've mentioned earlier. – EliadTech Oct 14 '14 at 23:36
  • I was getting nowhere finding a way to identify the drives while still locked, so starting with the oldest drive I'm using Diskpart's `CLEAN` command to reinitialize the drives, and indeed I'm getting unique GUIDs. Not exactly how I wanted to do this but your answer proved to be the most helpful in pushing me toward this resolution. – I say Reinstate Monica Oct 16 '14 at 21:18
  • Just to satisfy my curiosity, does the USB drive label still shows up if you connect them directly to the computer (while the drive is locked)? and after re-formatting? – EliadTech Oct 16 '14 at 21:52
  • Yes, the drive's label is visible while the drive is locked. However, upon closer inspect it appears what's actually happening is Windows Explorer is *caching* the label of the *last drive that was unlocked*. This could be the currently-connected drive if that drive was re-locked but not physically disconnected. I'm not certain if this behavior of showing the last label persists if the drive is disconnected then re-connected. This happens at a remote site so I don't have a good way of seeing what drive is *actually* connected (short of unlocking it, which would break the test). – I say Reinstate Monica Oct 20 '14 at 16:05