BitLocker is a fantastic way to protect the data stored on computers and thwart some offline tampering attacks. However, if you’re using BitLocker within a business environment, keeping track of the recovery keys can be quite burdensome. Thankfully Microsoft has developed a way to automatically save BitLocker recovery keys to Active Directory. In this post I’m going to be going through the process, step-by-step, to enable BitLocker recovery key saving to Active Directory. Plus we’ll take a look at how computers that are already encrypted can retrospectively have their recovery keys backed up to Active Directory.

- Windows 7 or newer client (must be either Pro or Enterprise).
- Windows Server 2012 or newer domain controller.
- Domain schema level of at least ‘Windows Server 2012’.

This guide will show the steps specifically for Windows 10 and Windows Server 2019.

So that we can access the BitLocker recovery keys, we’ll need to install the BitLocker feature on a domain controller (DC). This feature will add an additional tab within Active Directory Users and Computers to access the recovery keys. It doesn’t mean the domain controller will be encrypted, just that the necessary GUI administration tools will be installed.

On a domain controller open Server Manager and then launch the Add Roles and Features Wizard. Tick the ‘BitLocker Drive Encryption’ option under Features. You will be prompted to install additional tools. The BitLocker administrator tools will now be installed. Later in the guide we’ll use those tools to view the stored BitLocker recovery keys.

2.2 Update group policy

Client computers will need to forward their recovery keys to Active Directory. In order to do this we’ll use group policy. In my experience the correct group policy options aren’t always shown out-of-the-box, so I’m going to use the latest template file. Plus it’s always good practice to use the latest group policy templates.

Download the latest ADMX files for your build of Windows here. Inside of the ZIP archive will be many group policy ADMX files along with folders for each language. Extract these files to the ‘PolicyDefinitions’ folder within the SYSVOL share on a domain controller. E.g.

C:\Windows\SYSVOL\mydomain.local\Policies\PolicyDefinitions

If you don’t have a ‘PolicyDefinitions’ folder now would be a great time to create one. The folder is used by a feature called the ‘Group Policy Central Store’. It ensures all domain administrators are using the same group policy template files. Once finished you should have a setup similar to mine, as shown below:

2.3 Configuring BitLocker

Create a new group policy object targeted at your computers. Open the policy for editing and then browse to:

Computer Configuration > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

Configure the policy “Choose how BitLocker-protected operating system drives can be recovered” and set it as shown below:

Save the changes and then exit the group policy editor. We’re done! Now it’s time to test our changes.

If you’ve completed the previous steps, BitLocker should be automatically saving recovery keys to Active Directory when the OS volume is encrypted.

For the purpose of this guide I’m going to encrypt my test client machine the simple way – by right-clicking on the C volume and following the ‘Turn BitLocker on’ wizard.

4.0 Recovering the BitLocker key

Following our work in Step 1, a new ‘BitLocker Recovery’ tab will be present within Active Directory computer objects. On a domain controller open Active Directory Users and Computers and then locate the relevant computer account. Double click on the computer account to open the properties dialogue. This will list all of the recovery keys for the computer in question.
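The ‘BitLocker Recovery’ tab shows keys one computer at a time. To confirm across a whole OU that recovery keys really are reaching Active Directory, the same data can be queried with PowerShell. This is an added example, not part of the original guide; the function name and the OU in `-SearchBase` are assumptions, and it reports only key counts, dates and key IDs, never the recovery passwords themselves.

```powershell
# Added example: report which computers have BitLocker recovery information
# escrowed in Active Directory. Needs the RSAT ActiveDirectory module and an
# account permitted to read msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Get-BitLockerEscrowStatus {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Assumption: the OU holding the computers targeted by the BitLocker GPO.
        [Parameter(Mandatory)]
        [string]$SearchBase
    )

    Get-ADComputer -Filter * -SearchBase $SearchBase | ForEach-Object {
        $computer = $_

        # Recovery information is stored as child objects of the computer account.
        $keys = @(Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                      -SearchBase $computer.DistinguishedName -Properties whenCreated |
                  Sort-Object whenCreated -Descending)

        # Each object is named "<timestamp>{<key ID>}"; the key ID is what the
        # BitLocker recovery screen displays, so it is safe to report.
        $newestId   = $null
        $newestDate = $null
        if ($keys.Count -gt 0) {
            $newestDate = $keys[0].whenCreated
            if ($keys[0].Name -match '\{(?<id>[0-9A-Fa-f-]{36})\}') {
                $newestId = $Matches['id']
            }
        }

        [pscustomobject]@{
            Computer     = $computer.Name
            EscrowedKeys = $keys.Count
            NewestBackup = $newestDate
            NewestKeyId  = $newestId
        }
    }
}

# Placeholder OU: replace with your own. Computers with 0 keys sort first.
Get-BitLockerEscrowStatus -SearchBase 'OU=Workstations,DC=mydomain,DC=local' |
    Sort-Object EscrowedKeys | Format-Table -AutoSize
```

Computers that report `EscrowedKeys` of 0 are either not yet encrypted or were encrypted before the group policy applied, which is the case the retrospective backup mentioned in the introduction is meant to cover.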