FIGURE 2-34
The Choose How BitLocker-Protected Fixed Drives Can Be Recovered policy setting page
After recovery password saving to AD DS is enabled, you can save the recovery password
with the Backup-BitLockerKeyProtector cmdlet. Use the following commands to back up the
Recovery Password for the operating system volume:
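# Read the BitLocker state of the operating system volume
$blC = Get-BitLockerVolume -MountPoint C:
# Back up the protector at index 1 (the second protector) to AD DS
Backup-BitLockerKeyProtector `
    -MountPoint "C:" `
    -KeyProtectorId $blC.KeyProtector[1].KeyProtectorId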
This will back up the second key protector for the drive mounted at C. The first key
protector is the TPM whenever there is a TPM present. To recover the key, search the AD DS
domain by following these steps:
1. Open Active Directory Users And Computers.
2. Right-click the domain in the console tree and select Find BitLocker Recovery Password
from the Action menu.
3. Enter the first eight characters of the Password ID and click Search, as shown in
Figure 2-35.
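The backup command shown earlier picks the protector by position (index 1), which only works when the recovery password happens to be the second protector on the volume. The following is an added example, not code from the book: it selects protectors by type instead, and the function name Backup-RecoveryPasswordToAD and its SearchPrefix output field are hypothetical. It assumes an elevated session on a domain-joined computer with the BitLocker module available.

```powershell
# Added example: choose the recovery password protector by type, not by index.
function Backup-RecoveryPasswordToAD {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$MountPoint = 'C:'              # assumed default: the OS volume
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # A volume can carry zero, one, or several recovery password protectors,
    # and their position in the list is not guaranteed.
    $protectors = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($protectors.Count -eq 0) {
        Write-Warning "$MountPoint has no recovery password protector; nothing to back up."
        return
    }

    foreach ($p in $protectors) {
        $action = "Back up key protector $($p.KeyProtectorId) to AD DS"
        if ($PSCmdlet.ShouldProcess($MountPoint, $action)) {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint `
                -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
        }

        # The key protector ID is the Password ID; its first eight characters
        # are what the Find BitLocker Recovery Password search expects.
        [pscustomobject]@{
            MountPoint     = $MountPoint
            KeyProtectorId = $p.KeyProtectorId
            SearchPrefix   = $p.KeyProtectorId.Trim('{}').Substring(0, 8)
        }
    }
}

# Dry run: lists what would be backed up without writing to AD DS.
Backup-RecoveryPasswordToAD -MountPoint 'C:' -WhatIf
```

Remove -WhatIf to perform the backup; the SearchPrefix value in the output is the string to enter in step 3.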