![]() On PCs that use BitLocker Drive Encryption, or on devices such as tablets or phones that use BitLocker Device Encryption only, when an attack is detected, the device will immediately reboot and enter into BitLocker recovery mode. The following list provides examples of specific events that will cause BitLocker to enter recovery mode when attempting to start the operating system drive: For more information, see BitLocker Group Policy settings. This method makes it mandatory for you to enable this recovery method in the BitLocker group policy setting Choose how BitLocker-protected operating system drives can be recovered located at Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives in the Local Group Policy Editor. Storing recovery passwords in AD DS is recommended to provide a way for IT professionals to be able to obtain recovery passwords for drives in their organization if needed. ![]() A domain administrator can obtain the recovery password from AD DS and use it to unlock the drive.If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it. Data recovery agents can use their credentials to unlock the drive.(Saving a recovery password with your Microsoft account online is only allowed when BitLocker is used on a PC that is not a member of a domain). If your organization allows users to print or store recovery passwords, the users can type in the 48-digit recovery password that they printed or stored on a USB drive or with your Microsoft account online. The user can supply the recovery password.In a recovery scenario, you have the following options to restore access to the drive: What is BitLocker recovery?īitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. This article does not detail how to configure AD DS to store the BitLocker recovery information. This article assumes that you understand how to set up AD DS to back up BitLocker recovery information automatically, and what types of recovery information are saved to AD DS. It's recommended to create a recovery model for BitLocker while you are planning your BitLocker deployment. ![]() Organizations can use BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access BitLocker-protected data. ![]() This article describes how to recover BitLocker keys from AD DS. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
February 2023
Categories |