Can you force the backup of a Bitlocker Recovery key/password with a GPO for Windows 7?

We have a number of Windows 7 computers whose drives were encrypted with Bitlocker, under a faulty GPO. They encrypted properly (as in they're not corrupted), but the recovery key isn't backed up to AD. We have since corrected the policy to require the backup of the key when encrypting the drive, and this policy is working properly.
My question is, is there a way to force the recovery keys on the already encrypted drives that were not backed up to AD, to do so via a GPO or script?
I know this can be achieved by running a series of manage-bde.exe commands from an elevated command prompt, but this requires a technician to visit each computer and we'd like to automate it.
aran_gilmore Asked:
btan (Exec Consultant) Commented:
Understand that, as of now, the elevated prompt is unavoidable, and it is there to strictly enforce the use of a privileged account to run the backup. Even the 'id' parameter in manage-bde is unique to each client and is needed for the upload.

See this: http://blogs.technet.com/b/bitlocker/archive/2010/09/14/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

It can be a VBS at startup login but still needs to escalate privilege. The sample scripts would be useful:

http://technet.microsoft.com/en-us/library/cc766015(v=WS.10).aspx

The BitLocker Windows Management Instrumentation (WMI) interface allows administrators to write a script to back up or synchronize an online client's existing recovery passwords. An administrative account can list the recovery passwords of an unlocked volume by using the GetKeyProtectorNumericalPassword method of the BitLocker WMI interface or the "-protectors -get" parameters of the BitLocker command-line tool (manage-bde.wsf).
btan (Exec Consultant) Commented:
Can explore the MBAM release. Its agent can be pushed down by SCCM, and I understand the user can self-recover.

http://blogs.technet.com/b/kdean/archive/2011/02/10/announcing-microsoft-bitlocker-administration-and-monitoring-mbam.aspx

Streamline key recovery for the help desk: MBAM provides a web page that allows the help desk to quickly get the user's recovery key if they get into BitLocker recovery mode. The help desk no longer needs access to Active Directory when the organization is using MBAM.

aran_gilmore (Author) Commented:
Thanks, I had found that solution but was hoping there was some automated procedure I didn't know about. We'll do it manually I guess.
Question has a verified solution.
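
The manage-bde sequence discussed in this thread (list the recovery password protector, then upload it by its per-client 'id'), scripted in PowerShell as an added example that is not part of the original posts. It assumes only the system drive is encrypted, that the script runs elevated (for instance as a computer startup script, which runs as SYSTEM), and that the corrected GPO allowing backup to AD DS has already applied to the client.

```powershell
# Added example, not from the thread. Run elevated on each client.
# Assumption: deployed as a computer startup script via GPO.

$ManageBde = Join-Path $env:SystemRoot 'System32\manage-bde.exe'
$Volume    = $env:SystemDrive   # assumption: only the OS volume is encrypted
$GuidRegex = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

function Get-RecoveryProtectorId {
    # Pull protector IDs out of "manage-bde -protectors -get" output, e.g.
    #   ID: {11111111-2222-3333-4444-555555555555}   (constructed sample line)
    # Only the GUIDs are returned; the 48-digit passwords are never kept.
    param([string[]]$Lines)
    $ids = @()
    foreach ($line in $Lines) {
        foreach ($m in [regex]::Matches($line, $GuidRegex)) { $ids += $m.Value }
    }
    $ids | Select-Object -Unique
}

# List only numerical recovery password protectors. This listing contains
# the passwords themselves, so it stays in memory and is never written out.
$listing = & $ManageBde -protectors -get $Volume -Type RecoveryPassword 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Output "manage-bde could not list protectors on $Volume (exit $LASTEXITCODE)"
    exit 1
}

$ids = @(Get-RecoveryProtectorId -Lines ($listing | ForEach-Object { "$_" }))
if ($ids.Count -eq 0) {
    Write-Output "No recovery password protector found on $Volume"
    exit 1
}

$failed = 0
foreach ($id in $ids) {
    # Discard tool output; only the protector ID and exit code are reported.
    & $ManageBde -protectors -adbackup $Volume -id $id 2>&1 | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Backed up protector $id on $Volume to AD DS"
    } else {
        Write-Output "Backup FAILED for protector $id on $Volume (exit $LASTEXITCODE)"
        $failed++
    }
}
exit $failed
```

A non-zero exit code equals the number of protectors that failed to upload, which is typically a sign that the client could not reach a domain controller or has not yet received the corrected policy.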
