If you have already created a lot of applications with many deployment types and forgot to set them to allow fallback, it can be very time-consuming to fix this manually! Luckily, we have PowerShell to help us with that.
Here is a small script that gathers the protector information from the TPM chip and stores it on a server, within a folder labeled with the name of the computer it was run on.
When deploying your OS with ConfigMgr you may (I hope you do 🙂 ) enable BitLocker and save the recovery information in Active Directory.
This script retrieves the recovery key for a single computer.
This post is an extension of the great post on this issue by my friend and MVP Nicolai Henriksen. Link: http://www.sccm.biz/2012/06/sccm-and-bitlocker-tpm-real-life.html
Use his post as a starting point.
Notes from a two-hour class with Ed Wilson, aka ‘Scripting Guy’ (http://blogs.technet.com/b/heyscriptingguy/)
If you can use/learn something from it, good 🙂 If not, read Ed’s blog!
-PowerShell, learn it now before it is an emergency!
Here is a script that you can feed with a parameter from the switch statement to trigger the wanted action.
If you choose ‘LIST’ it will list all the action ID numbers.
Note: you need to run it with elevated privileges.