If I manually run BitLocker on a PC on the domain, a recovery password gets written to AD in the properties of that PC.
If I run BL through MDT, the same... a recovery password is written to AD.
However, through MDT I see a text file get written to C: which contains the "key". Looking at the data, it is exactly the same as the recovery "password" in AD.
My question is, how do I NOT save a local copy of that key/password? Right now I have a final step in all of my TSs, which is:
cmd /c del C:*.txt
that deletes the text containing the key. What's the proper way to deal with this?
Thanks
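
A narrower cleanup than deleting every text file on C:, as an added example that is not part of the original post and not MDT's own code. It assumes it runs elevated as a late task sequence step, that the file is a .txt in the root of C: (as the post describes), and that AD backup of recovery information is already permitted by policy.

```powershell
# Added example (not from the original post): remove only the .txt files in the
# root of C: that contain this volume's own BitLocker recovery password, and only
# after the protector has been re-sent to AD.
# Assumptions: elevated session, BitLocker PowerShell module present, key file in C:\.
$mount   = 'C:'
$pattern = '\b(?:\d{6}-){7}\d{6}\b'   # recovery password format: 8 groups of 6 digits

$volume     = Get-BitLockerVolume -MountPoint $mount
$protectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($protectors.Count -eq 0) {
    throw "No recovery password protector found on $mount"
}

# Escrow first. -ErrorAction Stop aborts the script before any deletion
# if the backup to AD fails, so the local copy is never the last copy.
foreach ($p in $protectors) {
    Backup-BitLockerKeyProtector -MountPoint $mount `
        -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
}
$known = @($protectors | ForEach-Object { $_.RecoveryPassword })

# Inspect each candidate file and delete it only when its content matches
# a recovery password that belongs to this volume.
foreach ($file in Get-ChildItem -Path "$mount\" -Filter *.txt -File -Force) {
    $text = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction SilentlyContinue
    if ([string]::IsNullOrEmpty($text)) { continue }

    $found = @([regex]::Matches($text, $pattern) | ForEach-Object { $_.Value })
    $match = @($found | Where-Object { $known -contains $_ })

    if ($match.Count -gt 0) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Output "Removed recovery password file: $($file.FullName)"
    }
}
```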