Put BitLocker Recovery key to Active Directory manually
Hello,
I want to put the Recovery Key into Active Directory from the user's computer manually (not automatically). Can you help me with this?
Thanks,
June 14th, 2011 5:04am
If anyone is interested in this, I found a solution.
Copy the below text and then save it as .vbs file.
Option Explicit
Dim strNumericalKeyID
Dim strManageBDE, strManageBDE2
Dim oShell
Dim StrPath
Dim StdOut, strCommand
Dim Result, TPM, strLine
Dim Flag, NumericalKeyID
Set oShell = CreateObject("WScript.Shell")
'====================================================================================
'This section looks for the BitLocker Key Numerical ID
strManageBDE = "Manage-BDE.exe -protectors -get c:" 'BitLocker command to gather the ID
Flag = False
NumericalKeyID = ""
Set Result = oShell.Exec(strManageBDE) 'Runs the command and places the results in Result
Set TPM = Result.StdOut 'Sets the variable TPM to the output of the strManageBDE command
While Not TPM.AtEndOfStream
    strLine = TPM.ReadLine 'Sets strLine
    If InStr(strLine, "Numerical Password:") Then 'Looks for the Numerical Password section
        Flag = True
    End If
    If Flag = True Then
        If InStr(strLine, "ID:") Then 'Looks for the ID
            NumericalKeyID = Trim(strLine) 'Trims the empty spaces from the ID {} line
            NumericalKeyID = Right(NumericalKeyID, Len(NumericalKeyID)-4) 'Drops the leading "ID: "
            Flag = False 'Stops the other lines from being collected
        End If
    End If
Wend
'Stop if no Numerical Password protector was found, so -adbackup is never run with an empty ID
If NumericalKeyID = "" Then
    WScript.Echo "No Numerical Password protector found on C:"
    WScript.Quit 1
End If
strManageBDE2 = "Manage-BDE.exe -protectors -adbackup C: -ID " & NumericalKeyID
oShell.Run strManageBDE2, 0, True 'Runs the Manage-bde command to back up the numerical ID to AD.
Open an elevated command prompt and execute the script from the command line, and it will back up the recovery password to AD.
June 14th, 2011 10:11am
Hi,
Thanks for your update.
I will mark your reply as "Answered". Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 16th, 2011 5:41am
Hi,
Your method is looking good. Can you explain the complete method to me?
Thanks..
November 16th, 2011 7:57am
The VB script isn't working for me, but if I run Manage-BDE.exe from the root of C: or from C:\Windows I get the error message "Manage-BDE.exe is not recognized as an internal or external command". I looked around and was unable to find Manage-BDE.exe on this user's workstation. Shouldn't it be there? Would he have had to have deleted the BitLocker files? His drive is supposed to be encrypted, but he's at a remote site so it's hard to tell.
May 16th, 2012 5:01pm
On my last post I finally got the script to work by copying Manage-BDE.exe to C:\Windows\System32 on the employee's computer. He said he double-clicked on the .vbs file made from the above script. I'm now trying to run the above VB script on another employee's computer.
I verified Manage-BDE.exe is in C:\Windows\System32. I placed the file in a Downloads folder on the root of C:. I have navigated to the Downloads folder and now I'm trying to run:
cscript.exe c:\downloads\bitlockerkey.vbs
I get the error
C:\Downloads>cscript BitLockerKey.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
C:\Downloads\BitLockerKey.vbs(22, 5) WshShell.Exec: The system cannot find the file specified.
What am I doing wrong? How do I get rid of the error "C:\Downloads\BitLockerKey.vbs(22, 5) WshShell.Exec: The system cannot find the file specified." ?
Update:
It looks like the issue may be because we are using Windows 7 64-bit, but I'm still working on figuring out how to resolve the issue.
May 23rd, 2012 5:37pm
That script comes from this TechNet Blog: http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx. It also has information on running the commands manually.
May 25th, 2012 3:45pm
I think your problem is that the script is expecting to find "Manage-BDE.exe" in the same location where the script is.
Either put the script in the same location, "C:\Windows\System32", and run it from there, or
change the code to tell the script where to find "Manage-BDE.exe":
strManageBDE = "C:\Windows\System32\Manage-BDE.exe -protectors -get c:" 'Bitlocker command to gather the ID
May 26th, 2012 1:45am
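The same backup as the script in this thread, written as an added PowerShell example (not code from the thread or the TechNet blog) that calls manage-bde.exe by full path and also covers the 64-bit case raised above: a 32-bit script host on 64-bit Windows has System32 redirected to SysWOW64, where manage-bde.exe does not exist, and reaches the real file through the Sysnative alias. The function names are hypothetical, and it assumes an elevated prompt, the C: volume, English manage-bde output and a domain-joined machine allowed to store recovery information in AD.

```powershell
# Added example, not from the thread. Run elevated.
# Assumptions: OS volume is C:, manage-bde output is English.

function Get-ManageBdePath {
    # Sysnative only exists for 32-bit processes on 64-bit Windows and
    # points at the real System32; everywhere else System32 is correct.
    $candidates = @(
        (Join-Path $env:windir 'Sysnative\manage-bde.exe'),
        (Join-Path $env:windir 'System32\manage-bde.exe')
    )
    foreach ($p in $candidates) { if (Test-Path $p) { return $p } }
    throw 'manage-bde.exe not found; BitLocker tools are not present on this system.'
}

function Get-RecoveryPasswordId {
    param([string[]]$Lines)
    # Emit the protector GUID that follows each "Numerical Password:" header.
    # Only the ID is captured; the 48-digit password itself is never stored.
    $inBlock = $false
    foreach ($line in $Lines) {
        if ($line -match 'Numerical Password:') { $inBlock = $true; continue }
        if ($inBlock -and $line -match 'ID:\s*(\{[0-9A-Fa-f-]{36}\})') {
            $Matches[1]
            $inBlock = $false
        }
    }
}

$volume = 'C:'
$bde = Get-ManageBdePath

$out = & $bde -protectors -get $volume
if ($LASTEXITCODE -ne 0) { throw "manage-bde -protectors -get failed ($LASTEXITCODE)" }

# Refuse to continue without an ID, so -adbackup is never run with an empty value.
$ids = @(Get-RecoveryPasswordId -Lines $out)
if ($ids.Count -eq 0) { throw "No Numerical Password protector on $volume; nothing to back up." }

foreach ($id in $ids) {
    & $bde -protectors -adbackup $volume -id $id
    if ($LASTEXITCODE -ne 0) { throw "AD backup failed for protector $id ($LASTEXITCODE)" }
    Write-Output "Backed up protector $id to Active Directory."
}
```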