How does BitLocker integrate with Active Directory?

Open Active Directory Users and Computers. Navigate to domaincontroller > Domain Controllers. In the right-hand ADUC pane, right-click the domain controller and select Properties. If the BitLocker Drive Encryption Administration Utilities installed correctly, the Properties dialog contains a BitLocker Recovery tab.

How do I enable BitLocker in GPO?

Open the Group Policy Editor from the “Run…” dialog by typing “gpedit.msc” and clicking the “OK” button. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

How do I manage BitLocker in Active Directory?

The settings for BitLocker are located under Computer Configuration => Administrative Templates => Windows Components => BitLocker Drive Encryption. Here you can find the option Store BitLocker recovery information in Active Directory Domain Services.

What is BitLocker Group Policy?

BitLocker Group Policy settings include settings for specific drive types (operating system drives, fixed data drives, and removable data drives) and settings that are applied to all drives. The following policy settings can be used to determine how a BitLocker-protected drive can be unlocked.

Where is BitLocker stored in Active Directory?

Right-click your domain in the left pane of the Active Directory Users and Computers snap-in, and then select Find BitLocker recovery password. Enter the first 8 characters of the Password ID and click Search. It will locate the matching BitLocker recovery keys that are stored in your Active Directory.

How do I manually add BitLocker key to Active Directory?

Browse to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption, and then double-click the policy “Store BitLocker recovery information in Active Directory Domain Services”. Set the policy to Enabled.
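
Once that policy is in place, a recovery password that already exists on a machine still has to be pushed to the directory. The script below is an added example, not part of the original page: it uses the built-in BitLocker cmdlets to escrow every recovery password protector on a volume. It assumes a domain-joined machine, an elevated PowerShell session and the policy above already applied; the $MountPoint default is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow existing BitLocker recovery passwords to AD DS.
# Assumes a domain-joined machine with the "Store BitLocker recovery
# information in Active Directory Domain Services" policy already applied.
param(
    [string]$MountPoint = 'C:'   # assumption: the OS drive; change as needed
)

$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

if ($volume.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection on $MountPoint is $($volume.ProtectionStatus)."
}

# Backup-BitLockerKeyProtector saves recovery password protectors
# (the 48-digit value), so filter out TPM, PIN and key-file protectors.
$recoveryProtectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recoveryProtectors.Count -eq 0) {
    throw "No recovery password protector on $MountPoint. Add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector first."
}

$failed = 0
foreach ($protector in $recoveryProtectors) {
    # The first 8 characters of the protector ID are the Password ID
    # prefix used by "Find BitLocker recovery password" in ADUC.
    $idPrefix = $protector.KeyProtectorId.Trim('{}').Substring(0, 8)
    try {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        # Log only the ID prefix, never the recovery password itself.
        Write-Output "Escrowed protector $idPrefix... for $MountPoint"
    }
    catch {
        # Typical causes: policy not applied yet, or no domain controller reachable.
        $failed++
        Write-Error "Backup of protector $idPrefix... failed: $($_.Exception.Message)"
    }
}

if ($failed -gt 0) { exit 1 }
```

The ID prefix the script prints can be entered in the Find BitLocker recovery password search to confirm that the key reached the directory.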

Where is BitLocker recovery key in command prompt?

  1. Open the Command Prompt as administrator, run the following command and press Enter, replacing C: with the letter of your BitLocker-encrypted drive: manage-bde -protectors C: -get
  2. You can find a 48-digit recovery key at the end. Note it down on a piece of paper or save it somewhere secure and accessible.

How do I know if BitLocker is enabled?

Windows 10 (BitLocker)

  1. Sign in to Windows with an administrator account.
  2. Click the Start Menu icon, enter “encryption,” and select “Manage BitLocker.”
  3. If you see the word “On”, then BitLocker is turned on for this computer.

What can group policy be used for?

Group Policy is primarily a security tool, and can be used to apply security settings to users and computers. Group Policy allows administrators to define security policies for users and for computers. Group Policy can also be managed with command line interface tools such as gpresult and gpupdate.

How do I disable BitLocker with group policy?

You can turn off this feature in your network with the Group Policy setting “Control use of BitLocker on removable drives,” which you can find under Computer Configuration > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives.

Where is BitLocker recovery key in Active Directory?
