Forum Discussion
RahamimL
Apr 07, 2019, Iron Contributor
Bitlocker backup to active directory
Hi all,
We have Windows 10 (domain joined) with BitLocker enabled with TPM and startup PIN.
Up until now we created a recovery key file for each computer.
We want to move those computers' recovery keys to Active Directory.
Do we need any policy for this or can this be done via script?
3 Replies
- Markus Klocker (Copper Contributor)
Well, you can use the cmdlet Backup-BitlockerKeyProtector to accomplish your goal.
For computers that will get installed we like to set the GPO:
Configure storage of BitLocker recovery information to AD DS
hth
Markus
- RahamimL (Iron Contributor)
Markus Klocker so the policy isn't required? We have both Workstations and Laptops and we want to back up the recovery keys only to the laptops.
- Markus Klocker (Copper Contributor)
afaik the GPO is not needed but that can be tested.
I'd get this GPO in place anyhow to make sure someone can decrypt the drive if needed.
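
An added example, not part of the replies above: a PowerShell sketch of the scripted approach the thread discusses, which backs up the system drive's recovery password protectors to AD DS with Backup-BitLockerKeyProtector, and only on laptops. The chassis-type list used to decide what counts as a laptop and the function names are assumptions made for this example; run it elevated on a domain-joined machine.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread.
# Assumption: a "laptop" is any machine reporting one of these SMBIOS chassis types
# (Portable, Laptop, Notebook, Sub Notebook, Tablet, Convertible, Detachable).
$LaptopChassisTypes = 8, 9, 10, 14, 30, 31, 32

function Test-IsLaptop {
    # ChassisTypes is an array; a single matching entry is enough.
    $types = (Get-CimInstance -ClassName Win32_SystemEnclosure).ChassisTypes
    [bool]($types | Where-Object { $LaptopChassisTypes -contains $_ })
}

function Backup-RecoveryPasswordToAD {
    param([string]$MountPoint = $env:SystemDrive)

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Backup-BitLockerKeyProtector stores recovery password protectors in AD DS,
    # so TPM, TPM+PIN and external key protectors are skipped here.
    $protectors = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($protectors.Count -eq 0) {
        Write-Warning "$MountPoint has no recovery password protector; nothing to back up."
        return
    }

    foreach ($p in $protectors) {
        try {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint `
                -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
            # Log only the protector ID, never the recovery password itself.
            Write-Output "Backed up protector $($p.KeyProtectorId) on $MountPoint to AD DS."
        }
        catch {
            # Surfaces the case where the directory refuses the write (for example,
            # if the GPO or permissions turn out to be required in your domain).
            Write-Error "Backup of $($p.KeyProtectorId) failed: $($_.Exception.Message)"
        }
    }
}

if (Test-IsLaptop) {
    Backup-RecoveryPasswordToAD
} else {
    Write-Output 'Not a laptop chassis type; skipping AD backup.'
}
```

Confirm on one test laptop that the recovery information appears on its computer object in AD before retiring the existing recovery key files.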