backing up bitlocker keys to AD (script)

Question

Thursday, February 1, 2018 2:25 PM

Hello All,

We started rolling out BitLocker to some of our users and I was wondering if there is a way to back up BitLocker keys to AD via a script. We have a GPO to do this for us and it works for computers moving forward, but doesn't seem to work for computers where BitLocker is already enabled. We can do the following from PowerShell manually and it works great:

1. manage-bde -protectors -get c: (this outputs the numerical password used for step 2)

2. manage-bde -protectors -adbackup c: -id <numerical password>

Is there a way to automate this? I'm sure the script would need to run step 1, take the code, and run it for step 2 to get this to work.

My thought is to make this a logon script or something so when a user logs in it will run? Or if someone can suggest a better method I would appreciate it.

Thank you!!

All replies (2)

Friday, February 2, 2018 2:10 AM

Hi,

For script issue, I suggest discussing it in our MSDN forum. They are the best resource to troubleshoot this issue.

https://social.msdn.microsoft.com/Forums/en-US/home

Thank you for understanding.

Best Regards,

Tao



Friday, February 2, 2018 1:33 PM

Logon script???

The logon script runs as the user. To retrieve the recovery key, you need to be an admin - this needs to be understood.

So it has to run as startup script, instead.

Code:

for /f "tokens=1,2" %%a in ('manage-bde -protectors -get C: -Type recoverypassword ^| findstr ID') do manage-bde -protectors -adbackup c: -id %%b
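The same two-step procedure (enumerate recovery password protectors, then escrow each one to AD) written with the BitLocker PowerShell module instead of parsing manage-bde output, as an added example that is not from the thread. It assumes Windows 8 / Server 2012 or later (where the BitLocker module exists), that the GPO permitting AD DS backup of recovery information already applies to the computer, and that it runs elevated, e.g. as a startup script as the reply above recommends.

```powershell
# Added example: escrow every BitLocker recovery password protector to Active Directory.
# Assumptions: BitLocker PowerShell module available; AD backup already allowed by GPO;
# executed with administrative rights (startup script, not a per-user logon script).
#Requires -RunAsAdministrator

Import-Module BitLocker -ErrorAction Stop

$results = foreach ($vol in Get-BitLockerVolume) {
    # Only volumes that are actually protected have a recovery password worth escrowing.
    if ($vol.ProtectionStatus -ne 'On') { continue }

    $rpProtectors = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $rpProtectors) {
        # Without a numerical password protector there is nothing AD can store for this volume.
        Write-Warning "$($vol.MountPoint): no recovery password protector found; nothing to back up"
        continue
    }

    foreach ($kp in $rpProtectors) {
        try {
            # Equivalent of: manage-bde -protectors -adbackup <volume> -id <protector id>
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $kp.KeyProtectorId; Status = 'BackedUp' }
        }
        catch {
            # Typical causes: no domain connectivity, or the GPO that allows AD backup is not applied.
            [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $kp.KeyProtectorId; Status = "Failed: $($_.Exception.Message)" }
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit so a failed escrow is visible to whatever runs the startup script.
if ($results | Where-Object { $_.Status -ne 'BackedUp' }) { exit 1 }
exit 0
```

After a run, the escrowed passwords can be confirmed in Active Directory Users and Computers on the computer object's BitLocker Recovery tab (the msFVE-RecoveryInformation child objects), which is the check that tells you the GPO-driven backup actually happened for machines encrypted before the policy was applied.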