EnableBitlocker and RK switch

  • Question

  • Hello

    I need to know how I can make this script save the Recovery Key to a network shared drive as follows:

    First, it needs to create a folder using the computer name as a variable; second, it needs to save the Recovery Key to that folder.


    Sunday, June 2, 2013 12:17 PM


All replies

  • There are plenty of script examples in the repository.  Have you looked?



    • Proposed as answer by Mike Laughlin Monday, June 3, 2013 1:56 AM
    • Marked as answer by IamMred Thursday, June 13, 2013 4:22 AM
    Sunday, June 2, 2013 1:03 PM
  • Hello

    Thanks for getting back to me.

    Yes, I have checked all that, but none of them does what I want.

    The Enable BitLocker script has an RK switch that is supposed to do what I want, but it keeps asking for a USB drive and I don't want to save anything on a USB drive.

    I just want the recovery key to be saved on the network drive under a folder that is automatically created and has the name of the computer.


    Tuesday, June 4, 2013 8:17 PM
  • First read all of the instructions and technical background on BitLocker.  You can save keys in Active Directory or on a removable drive.  You cannot send keys to the network.  That would be too dangerous.



    • Edited by jrv Tuesday, June 4, 2013 9:42 PM
    Tuesday, June 4, 2013 9:39 PM
  • Here is another useful article:



    Tuesday, June 4, 2013 9:43 PM
  • Hello

    I was able to write a script that does exactly what I wanted it to do.

    Thanks for all your help, but none of the links above helped me find anything.

    Thanks again.

    Tuesday, June 11, 2013 2:24 AM
  • You forgot to post your script.

    You can post it here or in the repository and then just place a link here.  Perhaps others would benefit.


    Tuesday, June 11, 2013 2:27 AM
  • Here is how it works:

    First, enable the TPM in the BIOS.

    Create a batch file and copy these 2 lines into your batch file.

    The batch file needs to be run as administrator by right-clicking on it and selecting "Run as administrator".

    manage-bde -tpm -o PASSWORD

    md "\\networkpath\%computername%"

    manage-bde -on c: -rp -rk "\\networkpath\%computername%" -s > "\\networkpath\%computername%\%computername%.txt"


    The password could be anything, but it's needed to take ownership of the TPM.

    The first line will create a folder with the name of the computer.

    The second line writes a text file into it with all information about BitLocker, including the key.




    Tuesday, June 11, 2013 3:24 PM
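
A more defensive version of the batch file in the post above, as an added example that is not part of the original thread: it stops if the session is not elevated or the share is unreachable, and it checks that manage-bde succeeded. The share name \\fileserver\BitLockerKeys is hypothetical, and TPM ownership is assumed to have been taken already.

```batch
@echo off
setlocal
rem Added example. \\fileserver\BitLockerKeys is a hypothetical share name;
rem replace it with your own.
set "SHARE=\\fileserver\BitLockerKeys"
set "DEST=%SHARE%\%COMPUTERNAME%"

rem manage-bde needs elevation. "net session" is a common idiom for this check:
rem it fails when the caller is not elevated (assumes the Server service runs).
net session >nul 2>&1
if %errorlevel% neq 0 goto :not_admin

rem Stop before touching the drive if the share cannot be reached.
if not exist "%SHARE%\" goto :no_share

rem Create the per-computer folder only if it is not already there.
if not exist "%DEST%\" md "%DEST%"
if not exist "%DEST%\" goto :no_folder

rem Same switches as in the post: -rp adds a recovery password, -rk writes a
rem recovery key file into the folder, -s skips the hardware test.
rem The redirected output contains the recovery password in clear text, so the
rem share should be readable only by the people who handle recovery.
manage-bde -on C: -rp -rk "%DEST%" -s > "%DEST%\%COMPUTERNAME%.txt"
rem Compare against 0 because a failure code may be negative.
if %errorlevel% neq 0 goto :bde_failed

echo BitLocker enabled on C:. Recovery information saved in %DEST%
exit /b 0

:not_admin
echo This script must be run as administrator.
exit /b 1

:no_share
echo Cannot reach %SHARE%.
exit /b 2

:no_folder
echo Could not create %DEST%.
exit /b 3

:bde_failed
echo manage-bde failed. See %DEST%\%COMPUTERNAME%.txt for its output.
exit /b 4
```
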
  • Thank you.  That will be helpful to others.  I think that is also in the link I originally posted; however, it is a complete one-step command.


    Tuesday, June 11, 2013 3:52 PM