View BitLocker recovery passwords stored in Active Directory

So, you can probably tell I’m working on a BitLocker-related project by now…

One drawback to storing BitLocker recovery passwords in Active Directory is that there’s no good way to retrieve the recovery password when you need it, or so I thought. I suggested to the BitLocker team that they consider writing an extension to AD Users & Computers to make it easy for authorized admins to get a recovery password for a given computer. Turns out they’d already done it and were deep into the signoff process!

The tool is officially documented in KB 928202. It’s an AD U&C extension that makes the BitLocker recovery information visible; you need to get it from PSS, but it’s a free call, so why not?


Filed under General Tech Stuff, Security
