Asked by Rick Crandon

VBScript Help for Backing up Lost BitLocker Keys to AD

Our laptops were deleted from AD, and after rejoining them to the domain, the BitLocker recovery keys weren't restored to AD. We don't use MBAM or MDOP. I have a VBScript to run at logon; however, it won't run under the user account.

The script executes successfully under a local admin account and I can push it out through a logon script or using KACE to our laptops; however, it doesn't run under the user account, even elevated.

What can I do to get this script to run as a local admin or under a domain account with admin privileges?

I tried adding the RunAs vbscripting but it caused the main script to fail:

Set WshShell = WScript.CreateObject("WScript.Shell")
' When started without arguments, relaunch this script through the "runas" verb
If WScript.Arguments.Length = 0 Then
    Set ObjShell = CreateObject("Shell.Application")
    ObjShell.ShellExecute "wscript.exe", """" & _
        WScript.ScriptFullName & """" & _
        " RunAsAdministrator", , "runas", 1
End If

The BitLocker recovery script is below:

Option Explicit

Dim strManageBDE, strManageBDE2
Dim oShell
Dim Result, TPM, strLine
Dim Flag, NumericalKeyID

Set oShell = CreateObject("WScript.Shell")

' This section looks for the BitLocker key numerical ID

strManageBDE = "Manage-BDE.exe -protectors -get c:" ' BitLocker command to gather the ID

Flag = False

Set Result = oShell.Exec(strManageBDE) ' Runs the command and places the results in Result

Set TPM = Result.StdOut ' Sets the variable TPM to the output of the strManageBDE command

While Not TPM.AtEndOfStream
    strLine = TPM.ReadLine ' Sets strLine
    ' This section looks for the Numerical Password
    If InStr(strLine, "Numerical Password:") > 0 Then
        Flag = True
    End If
    If Flag = True Then
        If InStr(strLine, "ID:") > 0 Then ' This section looks for the ID
            NumericalKeyID = Trim(strLine) ' Trims the empty spaces from the ID {} line
            NumericalKeyID = Right(NumericalKeyID, Len(NumericalKeyID) - 4) ' Drops the leading "ID: "
            Flag = False ' Stops the other lines from being collected
        End If
    End If
Wend

' Only call -adbackup when an ID was actually found
If NumericalKeyID <> "" Then
    strManageBDE2 = "Manage-BDE.exe -protectors -adbackup C: -ID " & NumericalKeyID
    oShell.Run strManageBDE2, 0, True ' Runs the Manage-bde command to back up the numerical ID to AD
End If
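
A volume can carry more than one Numerical Password protector, and the ID text is passed straight to a command line. The following is an added example, not part of the original post: it collects every Numerical Password ID from `manage-bde -protectors -get` output and accepts only well-formed GUIDs. The sample output is constructed, English-language output is assumed, and `GetNumericalPasswordIds` is a hypothetical helper name.

```vbscript
Option Explicit

' Constructed sample of "manage-bde -protectors -get C:" output (not from a real machine).
Dim sample
sample = "Volume C: [OSDisk]" & vbCrLf & _
         "All Key Protectors" & vbCrLf & _
         "    TPM:" & vbCrLf & _
         "      ID: {11111111-2222-3333-4444-555555555555}" & vbCrLf & _
         "    Numerical Password:" & vbCrLf & _
         "      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}" & vbCrLf & _
         "      Password:" & vbCrLf & _
         "        (48 digits omitted)" & vbCrLf & _
         "    Numerical Password:" & vbCrLf & _
         "      ID: {01234567-89AB-CDEF-0123-456789ABCDEF}" & vbCrLf

' Hypothetical helper: returns a Dictionary keyed by the ID of every
' Numerical Password protector found in the given output text.
Function GetNumericalPasswordIds(text)
    Dim ids, re, raw, s, inNumerical, m
    Set ids = CreateObject("Scripting.Dictionary")
    Set re = New RegExp
    ' Accept only a brace-wrapped GUID so nothing else reaches the command line.
    re.Pattern = "^ID:\s*(\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$"
    inNumerical = False
    For Each raw In Split(Replace(text, vbCr, ""), vbLf)
        s = Trim(raw)
        If Right(s, 1) = ":" Then
            ' A line ending in ":" opens a new section; only one kind is wanted.
            inNumerical = (s = "Numerical Password:")
        ElseIf inNumerical And re.Test(s) Then
            Set m = re.Execute(s)
            ids(m(0).SubMatches(0)) = True
            inNumerical = False ' ignore everything until the next protector header
        End If
    Next
    Set GetNumericalPasswordIds = ids
End Function

Dim found, id
Set found = GetNumericalPasswordIds(sample)
If found.Count = 0 Then
    WScript.Echo "No Numerical Password protector found; nothing to back up."
    WScript.Quit 1
End If
For Each id In found.Keys
    ' Printed rather than executed so the example runs without elevation.
    WScript.Echo "manage-bde.exe -protectors -adbackup C: -id " & id
Next
```

Run it with `cscript //nologo`; with the constructed sample it prints one `-adbackup` command for each of the two Numerical Password IDs and skips the TPM protector.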