Take a look at MBAM (official Microsoft tool that is included in MDOP) which provides you with a web portal which you or your users can use to get the recovery key. More about this at http://onlinehelp.microsoft.com/en-us/mdop/hh285661.aspxBlogging about Windows for IT pros at www.theexperienceblog.com

That is the closest to what I need for sure, I am not sure if the granularity is there, I wouldn't want to add Domain Users to be Help Desk users but pehaps I can tweak the MBAM to facilitate this. This would be good for a place with a 24/7 HelkDesk, for us we need to have it self service as we don't run 24/7. To many issues (un-docking improperly, some updates + a hibernate / battery drain) trigger the need to enter this 48 numerical lkey code. Thanks. Until later .... Brett

Has anyone seen / heard of a tool where someone could go to their own company website (secure intranet portal) and retrieve their 48 numbers for Bitlocker if required? I know there would have to be a AD enabled "impersonation" of a AD Admin to make it work but it is doable, similiar to any self-service password recovery / reset tool for AD. This a little trickier for sure but since we store all Bitlocker enabled laptop's keys in the AD, they are listed so in theory doable yes? I ask as we have on rare ocasion for some reason or another have someone who ends up needing this number due to some kind of odd update or hard shutodwn, un-dock scenario. We either give them all a card with this number or design a site where they can use a phone or friends PC to log in and get the number. Until later .... Brett

Hi, There is a feature which is contained in the Remote Server Administration Tools (RSAT) may almost meet your goal. Please refer to: BitLocker Recovery Password Viewer for Active Directory and How to use the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool to view recovery passwords for Windows Vista But please understand that to use this tool to retrieve BitLocker Drive Encryption passwords, you must use an account that has sufficient rights. You must be a domain administrator, or you must be granted sufficient rights by a domain administrator. Regards, Sabrina TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Sabrina TechNet Community Support

Yes, I was assuming those tools would be "part" of the solution, though I was wondering if an APP or some ".Net code" would allow a "Domain User" via Web page to request the key code (after successfulauthentication), then have some ".Net code" run an impersonate scheme against the AD with that Remote Admin tool to retrieve the key and render it up on a web page. Similar to how a 3rd party self-serve password reset / recovery tool works for the AD.Until later .... Brett