![]() Situation Two: If You Need to Unlock the Drive From Within Windows The ID displayed here will help you identify the correct recovery key if you have multiple recovery keys printed, saved, or uploaded online. This will unlock the drive and your computer will boot normally. (If If you’ve set up your computer to require a password, PIN, USB drive, or smart card each time it boots, you’ll see the same unlock screen you normally use before getting the BitLocker Recovery screen–if you don’t know that password, press Esc to enter BitLocker Recovery.) If the TPM unlock method fails, you’ll see a “BitLocker Recovery” error screen that asks you to “Enter the recovery key for this drive”. Situation One: If Your Computer Isn’t Unlocking the Drive at Bootĭrives encrypted with BitLocker normally unlocked automatically with your computer’s built-in TPM every time you boot it. If you don’t have your recovery key, you may be out of luck– hopefully you have a backup of all your data! And next time, be sure to write down that recovery key and keep it in a safe place (or save it with your Microsoft Account). Contact the domain administrator to get the recovery key. If your computer is connected to a domain–often the case on computers owned by an organization and provided to employees or students–there’s a good chance the network administrator has the recovery key. Navigate to, go to the Profile page and see all the registered devices:įrom there You can view the recovery password for You devices.ītw - it’s not very intuitive - You cannot access this informatorom directly from -> profie pages.If there are multiple accounts, you can use the “Key ID” displayed on the BitLocker screen on the computer and match it to the Key ID that appears on the web page. There is a delay between using BackupToAAD-BitLockerKeyProtector and the information showing on AzureAD. The date shows when the drive was encrypted!, not when the information was backed up. I’m using custom objects for better readability. This is assuming your account have rights to read the information from AD in the first place! (great article here) To get that we first need to get Computer Object and then search Active Directory for ObjecClass of given type. Since Windows 2008 BitLocker Recovery Key is stored in AD in msFVE-RecoveryInformation objectclass aassociated to Computer. ![]() ![]() Now the best part - how to get the information back. Retrieve RecoveryKey From Active Directory OperatingSystem C: 236.22 FullyEncrypted 100 On VolumeType Mount CapacityGB VolumeStatus Encryption KeyProtector AutoUnlock Protection If I would have more drives, this would come in handy: Let’s store the information to ActiveDirectory now: To get the same information as before let’s select-object Let’s first get information about our volumes:Īs you can see I have only one drive, encrypted with TPM. We can get the information using manage-bde tool: Ways to get BitLocker recovery key information to AD and Azure AD Manage-BDE It can accept either KeyProtectorID or the ID itself. To send information to AD we can use Backup-BitLockerKeyProtector. ![]() What if you already have your drives encrypted, and now want to improve the process of recovering information? As always - PowerShell to the rescue. This doesn’t introduce the cost of MBAM or SCCM.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |