MDT without Active Directory: BitLocker, how to save the key as txt automatically with a task sequence?

  • Question

  • Hello,

    I'm using MDT without Active Directory - unfortunately I can't use AD here.

    Bitlocker should be used now.

    How can I tell MDT to execute BitLocker but save the recovery key automatically as a text file (or PDF) in a folder (e.g. network drive)?

    Many thanks
    max
    Friday, June 28, 2019 8:05 AM

All replies

  • In customsettings.ini you will want to add 

    BDEKeyLocation=\\SERVER\SHARE

    It will save a text file of the BitLocker key. The file will be named: OSDComputerName-{ID}.txt


    Daniel Vega

    Friday, June 28, 2019 1:54 PM
  • Thank you!

    So I have this in my customsettings.ini

    SkipBitLocker=NO
    BDEInstall=KEY
    BDERecoveryKey=TRUE
    BDERecoveryPassword=TRUE
    BDERequired=YES
    BDEKeyLocation=\\Share
    BDEInstallSuppress=NO
    BDEDriveLetter=S:
    BDEDriveSize=2000
    

    But here I get a BEK file with the filename of the key.
    23110B55-*****KEX*******.BEK
    How can I get a TXT file from the system? (Or the file, which is also created manually by Windows)

    Is there a way?

    Thursday, July 4, 2019 12:27 PM
  • The reason you are getting a BEK file is because you are using KEY and not TPM. When you use a KEY, that means the system will only unlock if a flash drive with the key is connected to the system. It's ideal and safest (since someone could steal the flash drive) to use a computer with TPM if you need BitLocker.

    Daniel Vega

    Monday, July 8, 2019 1:33 PM
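
One way to get the recovery password as a text file whichever BDEInstall mode is in use, as an added example that is not part of the thread: a PowerShell step run elevated in the deployed OS after the BitLocker step. The share path is a placeholder, and the script and its placement in the task sequence are assumptions; the file name follows the ComputerName-{ID}.txt pattern described above.

```powershell
# Added example, not from the thread. Run elevated in the deployed OS.
param(
    [string]$MountPoint  = 'C:',
    [string]$KeyLocation = '\\SERVER\SHARE'   # placeholder, same form as BDEKeyLocation
)

$ErrorActionPreference = 'Stop'

# Return the numerical recovery password protectors on the volume (not .BEK keys).
function Get-RecoveryPasswordProtector {
    param([string]$MountPoint)
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

$protectors = @(Get-RecoveryPasswordProtector -MountPoint $MountPoint)
if ($protectors.Count -eq 0) {
    # No recovery password yet (e.g. only a startup key exists): add one.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $protectors = @(Get-RecoveryPasswordProtector -MountPoint $MountPoint)
}

# Fail the step rather than finish without an escrowed key.
if (-not (Test-Path -LiteralPath $KeyLocation)) {
    throw "Key location '$KeyLocation' is not reachable; recovery password was not exported."
}

foreach ($p in $protectors) {
    # KeyProtectorId already includes the braces, giving NAME-{ID}.txt
    $file = Join-Path $KeyLocation ("{0}-{1}.txt" -f $env:COMPUTERNAME, $p.KeyProtectorId)
    @(
        "Computer:          $env:COMPUTERNAME"
        "Volume:            $MountPoint"
        "Key protector ID:  $($p.KeyProtectorId)"
        "Recovery password: $($p.RecoveryPassword)"
        "Exported (UTC):    $((Get-Date).ToUniversalTime().ToString('s'))"
    ) | Set-Content -LiteralPath $file -Encoding UTF8

    # Read the file back so a silent write failure stops the deployment.
    if (-not (Select-String -LiteralPath $file -SimpleMatch $p.RecoveryPassword -Quiet)) {
        throw "Verification of '$file' failed."
    }
}
```

Because the text files hold plaintext recovery passwords, the share is best set up so the deployment account can create files but not list or read them, with read access limited to the people who perform recoveries.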