Information Technology Reference
In-Depth Information
FIGURE 2-35
The Find BitLocker Recovery Password dialog box
Saving BitLocker recovery passwords
Although saving BitLocker recovery passwords to Active Directory is an excellent way to save
them securely and where they can be easily recovered, you can also do the following:
■
Print the recovery password
■
Save it to a file
■
Create a USB recovery key
Whatever methods you use, make sure that they are kept up to date, are secure, and are
available when needed.
Saving eFS certificates
Although having an extra recovery agent for EFS is one form of backup, another important
backup is to export the EFS certificates for users and back them up to secure storage. If
this isn't done, and a user's computer needs to be rebuilt, the user could lose access to all
EFS-protected files and folders on the computer. The simplest solution is to export the EFS
certificate to a .pfx file, which can then be part of normal backup procedures.
