Recovery Keys

Yes you can. I’ve the script somewhere I’ll try and dig it out or find the post. Obviously it won’t work for the C/R keys if you still use those? 

Thank you, where do I run it?

It's a VBS script Dan - So copy and paste it into Notepad (or similar) and rename to "something.vbs"

How do I change the variables?

Copy and paste the whole script into Notepad.  Search the text for "DestinationDirectoryRoot" or where it says "c:\SGNData\BLRecoveryKeys" in the script change this to suit your own variables - or create the same two folders I did in the same location on C Drive! Save the changes and then run the script on the server. 

I get this..

Running it as Admin and on the SafeGuard server? I've not used it in a few years but will have a look again and see it still works as expected

Thanks, as doesn't give me the option to run as admin

Open a command prompt as Admin Dan. I would imagine you're running 64 bit too, so don't forget to run the 64 bit version of cscript.

So - Admin command prompt "c:\windows\syswow64\cscript c:\sgndata\BLRecoveryKeys\keys.vbs" in your case/screenshot I think.

Just ran it again on the server Dan and all still works well! Good luck...

Works fine thanks, so just creates the folders of each computer name with the rk in

Yup! You could modify it to merge into one but it's probably best this way. Obviously now they're exported they're static keys so if the key rotates it'll be out of date (like a TPM/motherboard replacement etc...) You could always set this to run on a schedule to keep it more "current" but it works well for what it is. Don't forget to secure this somewhere - it's now open to people bypassing your control methods if they just need to open a plain text file and not log a helpdesk ticket etc.... :)

Yup! You could modify it to merge into one but it's probably best this way. Obviously now they're exported they're static keys so if the key rotates it'll be out of date (like a TPM/motherboard replacement etc...) You could always set this to run on a schedule to keep it more "current" but it works well for what it is. Don't forget to secure this somewhere - it's now open to people bypassing your control methods if they just need to open a plain text file and not log a helpdesk ticket etc.... :)