Automate push of bitlocker recovery key to AD
Often we need to swap a drive into a new PC and then change the computer name. Our current process is to suspend BitLocker, swap the drive, change the name, reset the TPM and then resume protection. This works just fine for allowing us to move BitLocker-encrypted drives around without too much hassle. We then push the recovery key to the new AD object using:

manage-bde -protectors c: -adbackup -id{xxxxxxx..}

I would like to be able to script the AD push action so the desktop support team can do this with one click. How would I go about doing this, either through a batch file or a VBScript?
April 5th, 2012 12:41pm

Hi,

To achieve this feature we need to get the BitLocker Recovery GUID automatically. Based on my research, this may be difficult to achieve. For reference: http://technet.microsoft.com/en-us/library/dd875529(WS.10).aspx

Best Regards,
Kim Zhou

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 9th, 2012 4:58am

I was able to do it perfectly using this script. Figured I'd post it in case anyone else came around looking.

Option Explicit
Dim strManageBDE, strManageBDE2
Dim oShell
Dim Result, TPM, strLine
Dim Flag, NumericalKeyID

Set oShell = CreateObject("WScript.Shell")

'====================================================================================
'This section looks for the BitLocker Numerical Password key ID
strManageBDE = "Manage-BDE.exe -protectors -get c:" 'BitLocker command to list the protectors and their IDs
Flag = False
NumericalKeyID = ""
Set Result = oShell.Exec(strManageBDE) 'Runs the command and keeps a handle to the process in Result
Set TPM = Result.StdOut 'Sets TPM to the standard output of the Manage-BDE command

While Not TPM.AtEndOfStream
    strLine = TPM.ReadLine 'Reads the next output line into strLine
    If InStr(strLine, "Numerical Password:") Then 'This section looks for the Numerical Password protector
        Flag = True
    End If
    If Flag = True Then
        If InStr(strLine, "ID:") Then 'This section looks for the ID line that follows it
            NumericalKeyID = Trim(strLine) 'Trims the leading spaces from the "ID: {...}" line
            NumericalKeyID = Right(NumericalKeyID, Len(NumericalKeyID) - 4) 'Drops the "ID: " prefix, leaving the {GUID}
            Flag = False 'Stops the IDs of the other protectors from being collected
        End If
    End If
Wend

If NumericalKeyID = "" Then 'Nothing to push if the drive has no Numerical Password protector
    WScript.Echo "No Numerical Password protector found on C:"
    WScript.Quit 1
End If

strManageBDE2 = "Manage-BDE.exe -protectors -adbackup C: -ID " & NumericalKeyID
oShell.Run strManageBDE2, 0, True 'Runs the Manage-BDE command to back the numerical password up to AD.
April 16th, 2012 3:38pm
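The same one-click procedure in PowerShell, added here as an example and not part of the original thread: it parses the manage-bde protector listing for every Numerical Password protector ID (not just the last one), runs -adbackup for each, and fails if manage-bde returns a non-zero exit code. It assumes an elevated PowerShell session on the client with manage-bde.exe on the path; the function names and the abbreviated sample output are constructed for this example.

```powershell
# Assumption: runs elevated on the client; manage-bde.exe is on the path.
function Get-RecoveryPasswordIds {
    # Parses "manage-bde -protectors -get <drive>" output and returns the {GUID} of every
    # Numerical Password protector (the ID line that follows each "Numerical Password:" header).
    param([string[]]$ManageBdeOutput)
    $ids = @()
    $inNumericalPassword = $false
    foreach ($line in $ManageBdeOutput) {
        if ($line -match 'Numerical Password:') { $inNumericalPassword = $true; continue }
        if ($inNumericalPassword -and $line -match 'ID:\s*(\{[0-9A-Fa-f-]{36}\})') {
            $ids += $Matches[1]
            $inNumericalPassword = $false
        }
    }
    return $ids
}

function Backup-RecoveryPasswordsToAd {
    # Backs up each Numerical Password protector to the computer's AD object and fails loudly
    # if there is nothing to escrow or manage-bde reports an error.
    param([string]$Drive = 'C:')
    $output = & manage-bde.exe -protectors -get $Drive
    $ids = @(Get-RecoveryPasswordIds -ManageBdeOutput $output)
    if ($ids.Count -eq 0) { throw "No Numerical Password protector found on $Drive; nothing to escrow." }
    foreach ($id in $ids) {
        & manage-bde.exe -protectors -adbackup $Drive -id $id | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "manage-bde -adbackup failed for $id (exit code $LASTEXITCODE)" }
        Write-Host "Backed up recovery password $id for $Drive to AD DS"
    }
}

# Constructed (abbreviated) sample of manage-bde output, to exercise the parser offline.
$sample = @'
Volume C: [OSDisk]
All Key Protectors

    TPM:
      ID: {11111111-2222-3333-4444-555555555555}

    Numerical Password:
      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
      Password:
        111111-222222-333333-444444-555555-666666-777777-888888
'@ -split "`r?`n"
Get-RecoveryPasswordIds -ManageBdeOutput $sample

# On a real client, run: Backup-RecoveryPasswordsToAd -Drive 'C:'
```

The parser deliberately skips the TPM protector's ID and only returns the {GUID} under the Numerical Password header, which is the ID manage-bde -adbackup expects.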
