Forum Discussion

RahamimL
Iron Contributor
Apr 07, 2019
Solved

Bitlocker backup to active directory

Hi all,

We have Windows 10 (domain joined) with BitLocker enabled with TPM and startup PIN.

Up until now we created a recovery key file for each computer.

We want to move those computers' recovery keys to Active Directory.

Do we need any policy for this or can this be done via script?

3 Replies

  • Markus Klocker
    Copper Contributor

    RahamimL 

    Well, you can use the cmdlet Backup-BitlockerKeyProtector to accomplish your goal.

    For computers that will be installed, we like to set the GPO:
    https://gpsearch.azurewebsites.net/#2596


    hth

    Markus

    • RahamimL
      Iron Contributor

      Markus Klocker, so the policy isn't required? We have both workstations and laptops, and we want to back up the recovery keys only for the laptops.

      • Markus Klocker
        Copper Contributor

        RahamimL 

        AFAIK the GPO is not needed, but that can be tested.

        I'd get this GPO in place anyhow to make sure someone can decrypt the drive if needed.
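The script below is an added example (not code from either poster) showing the approach the thread lands on: use Backup-BitLockerKeyProtector to escrow each volume's recovery password into Active Directory, with an optional laptops-only filter for the case RahamimL asks about. It assumes an elevated PowerShell session on a domain-joined Windows 10 machine with the BitLocker module available, that the domain's AD DS schema supports BitLocker recovery objects (msFVE-RecoveryInformation) and that the computer account is allowed to create them, and, for the verification function only, that the RSAT ActiveDirectory module is installed. The -LaptopsOnly switch, the chassis-type test and the function names are this example's own design choices, not part of any Microsoft tool.

```powershell
# Added example: escrow BitLocker recovery passwords to AD, optionally only on laptops.
# Assumes: elevated session, BitLocker PowerShell module, domain-joined Windows 10,
# AD schema with msFVE-RecoveryInformation; ActiveDirectory module only for Get-AdEscrowedRecoveryInfo.
param(
    [switch]$LaptopsOnly   # hypothetical switch, this example's own design
)

function Test-IsLaptop {
    # SMBIOS chassis types for portable form factors: 8 Portable, 9 Laptop, 10 Notebook,
    # 11 Hand Held, 14 Sub Notebook, 30 Tablet, 31 Convertible, 32 Detachable.
    $portable = 8, 9, 10, 11, 14, 30, 31, 32
    $chassis = (Get-CimInstance -ClassName Win32_SystemEnclosure).ChassisTypes
    foreach ($t in $chassis) { if ($portable -contains $t) { return $true } }
    return $false
}

function Backup-AllRecoveryPasswordsToAd {
    # Only the numerical RecoveryPassword protector can be escrowed in AD;
    # TPM and TPM+PIN protectors are never written there.
    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.ProtectionStatus -ne 'On') { continue }   # skip unencrypted / suspended volumes
        $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
        if (-not $rp) {
            # No recovery password yet (e.g. TPM+PIN only): add one so there is something to escrow
            Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
            $rp = (Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
                  Where-Object KeyProtectorType -eq 'RecoveryPassword'
        }
        foreach ($p in $rp) {
            try {
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
                [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $p.KeyProtectorId; BackedUp = $true;  Error = $null }
            }
            catch {
                # Typical causes: schema not extended, computer account lacks create rights, no DC reachable
                [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $p.KeyProtectorId; BackedUp = $false; Error = $_.Exception.Message }
            }
        }
    }
}

function Get-AdEscrowedRecoveryInfo {
    # Defender-side check: list the msFVE-RecoveryInformation objects stored under this computer's AD object.
    # Requires the ActiveDirectory module (RSAT) and read rights on the computer object.
    Import-Module ActiveDirectory -ErrorAction Stop
    $computerDn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName
    Get-ADObject -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
                 -SearchBase $computerDn -SearchScope OneLevel -Properties whenCreated |
        Select-Object Name, whenCreated
}

if ($LaptopsOnly -and -not (Test-IsLaptop)) {
    Write-Verbose "Chassis is not a portable form factor; skipping AD escrow on this host."
    return
}

Backup-AllRecoveryPasswordsToAd | Format-Table -AutoSize
```

Run it once per machine (for example as a one-off startup script or remotely with Invoke-Command), then call Get-AdEscrowedRecoveryInfo from an account that can read the computer object to confirm an object per volume appeared. The script only escrows what exists at run time; the GPO Markus recommends is what makes the escrow happen automatically when BitLocker is enabled on newly installed machines, which is why a scripted one-off migration and the policy complement each other rather than replace each other.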
