MDT bitlocker is writing the key to c:\ drive

  • Question

  • Hello

    Is it normal behavior that MDT writes the key to the c:\ drive in a text file?

    thanks

    Tuesday, August 27, 2019 6:08 PM

Answers

  • It is if you don't tell it where else to save it. Typically you want to specify the location in the customsettings.ini

    For example:

    BDEKeyLocation=\\MDTSERVER\DeploymentShare\BitLockerKeys


    Daniel Vega

    • Marked as answer by Saeidans Wednesday, August 28, 2019 10:32 PM
    Wednesday, August 28, 2019 1:18 PM

All replies

  • Hello

    I thought having BDErecoverykey = AD should be enough to copy the key to AD, although this function is not working either, and I am using a batch file after the image is done to copy the key to AD.

    I will add BDEkeylocation back to CS.ini

    thanks

    Wednesday, August 28, 2019 2:57 PM
  • See -> Set up MDT for BitLocker
    Also see -> BitLocker variables

    Example Customsettings.ini with BitLocker support:

    BDEInstallSuppress=NO
    BDEKeyLocation=\\SERVER\BITLOCKERKEYS
    OSDBitLockerCreateRecoveryPassword=AD
    OSDBitLockerMode=TPM
    OSDBitLockerWaitForEncryption=FALSE


    Daniel Vega

    Wednesday, August 28, 2019 3:41 PM
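
Added example, not part of the original thread or of MDT: a Python check that lints the BitLocker properties of a CustomSettings.ini before deployment, flagging a missing or non-UNC BDEKeyLocation and property names that are not among the five shown in this thread (using the OSDBitLockerCreateRecoveryPassword spelling). The function name, the `Default` section name and both sample files are assumptions constructed for illustration.

```python
import configparser

# Property names from the example CustomSettings.ini in this thread (lowercased,
# because configparser lowercases option names by default).
KNOWN = {"bdeinstallsuppress", "bdekeylocation", "osdbitlockercreaterecoverypassword",
         "osdbitlockermode", "osdbitlockerwaitforencryption"}

# Constructed sample inputs, not taken from a real deployment share.
SAMPLE_GOOD = r"""
[Settings]
Priority=Default

[Default]
BDEInstallSuppress=NO
BDEKeyLocation=\\SERVER\BITLOCKERKEYS
OSDBitLockerCreateRecoveryPassword=AD
OSDBitLockerMode=TPM
OSDBitLockerWaitForEncryption=FALSE
"""
SAMPLE_BAD = r"""
[Settings]
Priority=Default

[Default]
OSBBitLockerCreateRecoveryPassword=AD
OSDBitLockerMode=TPM
"""

def audit_bitlocker_settings(ini_text, section="Default"):
    """Return a list of findings for the BitLocker properties in one section."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(ini_text)
    if not cp.has_section(section):
        return [f"section [{section}] not found"]
    props = dict(cp.items(section))
    findings = []
    # A misspelled name does not set the property the author intended.
    for name in props:
        if ("bitlocker" in name or name.startswith("bde")) and name not in KNOWN:
            findings.append(f"unrecognized BitLocker property: {name}")
    loc = props.get("bdekeylocation", "").strip()
    if not loc:  # per the answer above, the key file then lands on the local drive
        findings.append("BDEKeyLocation not set: key file is written to the local drive")
    elif not loc.startswith("\\\\"):
        findings.append(f"BDEKeyLocation is not a UNC path: {loc}")
    if props.get("osdbitlockercreaterecoverypassword", "").strip().upper() != "AD":
        findings.append("OSDBitLockerCreateRecoveryPassword is not AD")
    return findings
```
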
  • Why do I need to store the Key anywhere, other than writing the recovery password to AD?

    I am ending up with the recovery password in a text file on each target pc. Along with it in AD.

    How do I prevent it from being stored to the pc itself?

    Friday, September 6, 2019 4:08 PM