Can you force the backup of a BitLocker Recovery key/password with a GPO for Windows 7?

We have a number of Windows 7 computers whose drives were encrypted with BitLocker, under a faulty GPO. They encrypted properly (as in they're not corrupted), but the recovery key isn't backed up to AD. We have since corrected the policy to require the backup of the key when encrypting the drive, and this policy is working properly.
My question is, is there a way to force the recovery keys on the already encrypted drives that were not backed up to AD, to do so via a GPO or script?
I know this can be achieved by running a series of manage-bde.exe commands from an elevated command prompt, but this requires a technician to visit each computer and we'd like to automate it.
aran_gilmore Asked:

btan (Exec Consultant) Commented:
Understand as of now, the elevated prompt is unavoidable and it is to enforce strictly on using a privileged account to run the backup. Even the 'id' parameter in manage-bde is unique to each client and is needed to upload.

See this: http://blogs.technet.com/b/bitlocker/archive/2010/09/14/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

It can be a VBS at startup/login but still needs to escalate privilege. The sample scripts would be useful:

http://technet.microsoft.com/en-us/library/cc766015(v=WS.10).aspx

The BitLocker Windows Management Instrumentation (WMI) interface allows administrators to write a script to back up or synchronize an online client's existing recovery passwords. An administrative account can list the recovery passwords of an unlocked volume by using the GetKeyProtectorNumericalPassword method of the BitLocker WMI interface or the "-protectors -get" parameters of the BitLocker command-line tool (manage-bde.wsf).
0
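
One way to automate the backup discussed above, as an added example that is not part of the original posts: a PowerShell script that uses the BitLocker WMI provider (`Win32_EncryptableVolume`) to find each volume's recovery-password protector and back it up to AD. It assumes it runs elevated (for instance as a GPO computer startup script, which runs as Local System), that a domain controller is reachable, and that the corrected backup policy is applied; the log path is hypothetical.

```powershell
# Added example, not from the original thread. Must run elevated.
# Written for PowerShell 2.0, which ships with Windows 7.
$ns  = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$log = Join-Path $env:SystemRoot 'Temp\bitlocker-adbackup.log'   # hypothetical log path

function Write-Log([string]$msg) {
    # Only protector IDs and return codes are logged, never the recovery password.
    Add-Content -Path $log -Value ("{0}  {1}" -f (Get-Date -Format s), $msg)
}

$volumes = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue
if (-not $volumes) {
    Write-Log 'BitLocker WMI provider unavailable or no encryptable volumes found'
    exit 1
}

$failed = 0
foreach ($vol in $volumes) {
    # ProtectionStatus 2 = unknown (volume is locked), so its protectors cannot be read.
    if ($vol.ProtectionStatus -eq 2) {
        Write-Log ("{0}: volume is locked, skipped" -f $vol.DriveLetter)
        continue
    }

    # KeyProtectorType 3 = numerical password (the recovery password).
    $kp = $vol.GetKeyProtectors(3)
    if ($kp.ReturnValue -ne 0 -or -not $kp.VolumeKeyProtectorID) {
        Write-Log ("{0}: no recovery password protector (rc=0x{1:X8})" -f $vol.DriveLetter, $kp.ReturnValue)
        continue
    }

    # Same effect as: manage-bde -protectors -adbackup <drive> -id <protector ID>
    foreach ($id in $kp.VolumeKeyProtectorID) {
        $r = $vol.BackupRecoveryInformationToActiveDirectory($id)
        if ($r.ReturnValue -eq 0) {
            Write-Log ("{0}: protector {1} backed up to AD" -f $vol.DriveLetter, $id)
        } else {
            Write-Log ("{0}: backup of protector {1} failed (rc=0x{2:X8})" -f $vol.DriveLetter, $id, $r.ReturnValue)
            $failed++
        }
    }
}

# Non-zero exit code lets the deployment tool flag machines that still need attention.
if ($failed -gt 0) { exit 1 } else { exit 0 }
```

After a run, confirm in Active Directory that the computer object has gained the recovery information before treating a machine as done; the script only reports the return code of the backup call.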

btan (Exec Consultant) Commented:
Can explore the MBAM release. Its agent can be pushed down by SCCM, and I understand the user can self-recover.

http://blogs.technet.com/b/kdean/archive/2011/02/10/announcing-microsoft-bitlocker-administration-and-monitoring-mbam.aspx

Streamline key recovery for the help desk: MBAM provides a web page that allows the help desk to quickly get the user’s recovery key if they get into BitLocker recovery mode. The help desk no longer needs access to Active Directory when the organization is using MBAM.

0
aran_gilmore (Author) Commented:
Thanks, I had found that solution but was hoping there was some automated procedure I didn't know about. We'll do it manually I guess.
0