Using BitLocker
* Getting ID and other Info from C: drive (using Bitlocker already):
manage-bde -protectors -get c:
* or only the (password protector’s) ID:
manage-bde -protectors -get c: -type RecoveryPassword | findstr ID
* Backing up Recovery Key to server:
manage-bde -protectors -get c: -type RecoveryPassword >\\%server%\%BitlockerBackup%\%computername%.txt
* Backing up recovery information to AD:
manage-bde -protectors -adbackup c: -id {Numerical Password`s ID}
* Using GPO to backup the recovery information for operating system drives in AD:
registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
set value “OSActiveDirectoryBackup” to 1
* Backing Up BitLocker and TPM Recovery Information to AD DS