BenWPB

FWIW , I do this and then I transfer/run this .ps1 # November 28, 2017 - TJY # Generate a list of Bitlocker recovery keys and display them at the command prompt. # #Lift Powershell restriction Set-ExecutionPolicy Unrestricted -Force # Identify all the Bitlocker volumes. $BitlockerVolumers = Get-BitLockerVolume # For each volume, get the RecoveryPassowrd and display it. $BitlockerVolumers | ForEach-Object { $MountPoint = $_.MountPoint $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword if ($RecoveryKey.Length -gt 5) { Write-Output ("$MountPoint $RecoveryKey.") } } using a script like this against the search group. Now I have the recovery key on the device in an EDF. I am running it once every few days so if someone adds a drive or the recovery key changes for some reason I should have it.