MDT, BitLocker, Media

Hello. I need to create Offline Media to install OS and apps on some same notebooks. I need to enable Bitlocker. I have read it possible enable BitLocker in Task sequence in MDT tool. But my question is: where is kept the recovery key of Bitlocker if notebook isn’t connected to domain and all process of deployment is done from usb?
 Do you have any suggestions or best practices in this matter.
Thx in advance
Sebastian ParlińskiAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kyle SantosQuality AssuranceCommented:

I am following up on your question.  Do you still need help?

If you solved the problem on your own, would you please post the solution here in case others have the same problem?


Kyle Santos
Customer Relations
Sebastian ParlińskiAuthor Commented:
No I haven't solve it. I still looking for solutions.
Steve KnightIT ConsultancyCommented:
If it joins the domain later and you have policies in place then it is backed up to AD at that point.
If this is standalone then you need to record the number in some way when enabling bitlocker on the volume - either writing down, copy/paste into a file, screenshot, pipe the output of the manage-bde or powershell commands to a file, e.g. back on your USB.

We always build onto domain using various tools like KACE, WDS build followed by scripts etc. but used to manually script enabling bitlocker and write a log file as it was enabled, e.g. like this:  --> Bitlocker_c.cmd

i.e. something like this:

md D:\bitlocker 2>NUL
if not exist d:\bitlocker (
  echo WARNING - Cannot see D: drive to record Bitlocker key
MANAGE-bde -on c: -RecoveryPassword -s > "d:\bitlocker\%computername%-%date:/=-%.txt"
type "d:\bitlocker\%computername%-%date:/=-%.txt"

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kyle SantosQuality AssuranceCommented:

An expert has replied.  Is there anything else we may assist you with?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Development

From novice to tech pro — start learning today.