Run .bat from GPO

LoKkY 211 Reputation points
2020-09-30T16:21:21.757+00:00

Hi,

I'm trying to run a .bat from the machine GPO to save the BitLocker key in AD, but it doesn't work.

If I run it locally it works perfectly. All users are local administrators of their machines.

What may be failing?? Other .bat files work without problems.

manage-bde -protectors -get c:  
for /f "skip=4 tokens=2 delims=:" %%g in ('"manage-bde -protectors -get c:"') do set MyKey=%%g  
manage-bde -protectors -adbackup c: -id%MyKey%  

Thanks!!!


Accepted answer
  1. LoKkY 211 Reputation points
    2020-10-02T21:36:17.317+00:00

    In the end I have achieved it by doing an immediate task, as suggested by partner MotoX80.

    1. Copy the .bat to a folder on the hard disk with a GPO.
    2. I schedule an immediate task that executes that script only once and then deletes it.

    Thank you very much everyone for the help and forgive all the questions I ask you!!!!!

    I mark this answer as the correct one because it does not let me mark the one of the partner MotoX80 for being a comment.

8 additional answers

  1. LoKkY 211 Reputation points
    2020-10-02T07:48:18.37+00:00

    Thank you very much for the answers and sorry for the delay in answering!!!

    MotoX80: I copied the code but the folder c:\temp does not appear. I don't think the bat is running.

    HannahXiong: Yes, the GPO appears within GPOs applied at the computer level.

    MTG-6756: I didn't know this, I am going to read your article to see if that could be the problem.

    Thanks!!!!!

  2. LoKkY 211 Reputation points
    2020-10-02T11:19:10.717+00:00

    To sum up:

    The bat works locally and works remotely with psexec.

    gpresult shows the GPO correctly, and rsop too.

    I don't know what else to check.

    Thanks!!!


  3. LoKkY 211 Reputation points
    2020-10-02T19:05:47.263+00:00

    MTG: 29963-image.png
    29866-image.png

    Works perfectly

    MotoX80: I don't understand your question, the script runs every time the PC starts up.

    I have copied the .bat you wrote and it gives me a syntax error, but at least it creates the temp folder and the .log.
    So what I did was add the creation of the temp folder to my .bat, and it works and creates it, but the rest still does not work: it does not save the key in AD.

    md c:\temp
    manage-bde -protectors -get c:
    for /f "skip=4 tokens=2 delims=:" %%g in ('"manage-bde -protectors -get c:"') do set MyKey=%%g
    manage-bde -protectors -adbackup c: -id%MyKey%


  4. LoKkY 211 Reputation points
    2020-10-02T19:36:01.03+00:00

    The result of the code that the partner MotoX80 wrote is:

    Starting 02/10/2020 21:30:39,47
    Cifrado de unidad BitLocker: versión de la herramienta de configuración 10.0.18362
    Copyright (C) 2013 Microsoft Corporation. Todos los derechos reservados.
    Volumen C: []
    Todos los protectores de clave
    ERROR: error (código 0x80070522):
    El cliente no dispone de un privilegio requerido.
    Cifrado de unidad BitLocker: versión de la herramienta de configuración 10.0.18362
    Copyright (C) 2013 Microsoft Corporation. Todos los derechos reservados.
    ERROR: sintaxis no válida.
    No se entendió "(código".
    Escriba "manage-bde -?" para usarla.
    Ending 02/10/2020 21:30:39,79

    Looks like a permission issue....
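
Added example, not part of the thread and not any poster's script: the log above shows the batch loop picking up "(código" from the error text and passing it to -id once the -get call failed, so this PowerShell version reads the protector ID from Get-BitLockerVolume instead of parsing text, checks elevation first, and logs each step. The log path is an assumption, and the script is meant to run in an elevated context such as the immediate task described in the accepted answer.

```powershell
# Added example (assumptions: log path below, volume C:). Requires the built-in BitLocker module.
$LogFile    = 'C:\temp\bitlocker-adbackup.log'   # hypothetical path, same folder the thread logged to
$MountPoint = 'C:'

function Write-Log([string]$Message) {
    $dir = Split-Path -Parent $LogFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    ('{0:s} {1}' -f (Get-Date), $Message) | Add-Content -Path $LogFile
}

# Record the account the script actually runs under, then stop early if it is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
Write-Log "Running as $($identity.Name)"

if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Log 'Not running elevated; stopping before any BitLocker call.'
    exit 1
}

try {
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Only recovery password protectors are backed up; select them by type, not by line position.
    $recovery = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        Write-Log "No recovery password protector found on $MountPoint; nothing to back up."
        exit 2
    }

    foreach ($kp in $recovery) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
        # Log the protector ID only, never the recovery password itself.
        Write-Log "Backed up protector $($kp.KeyProtectorId) to AD DS."
    }
    exit 0
}
catch {
    Write-Log "Backup failed: $($_.Exception.Message)"
    exit 3
}
```

The exit codes (1 not elevated, 2 no protector, 3 backup error) are this example's own convention, so a scheduled task's last-run result shows which stage failed.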
