BitLocker Recovery

Modified on Wed, 10 May, 2023 at 1:38 PM

With the Console you can visualize bitlocker recovery passwords in case the user needs to do a recovery. For security reasons you will see only masked keys in the overview. After entering the first 8 characters of the password ID we will unmask the full recovery password.

Benefits

• Helpdesk and IT employees do not need to have the special permissions to access the bitlocker keys in Active Directory.
• The access of a recovery password is logged in the client history.

Configuration

The BitLocker recovery is a "home-button" right, that can be assigned to your users using the Role Based Administration.

To get access to your BitLocker passwords stored in Active Directory the console service account requires the rights for MS-FVE-RecoveryInformation.

If you like to use a separate AD Account, you can use the Central Search Active Directory Service Account. Grand access to the user and add following key to the configuration C:\inetpub\wwwroot\five9sWS\settings.config:

 <add key="BitlockerUseAdServiceAccount" value="true" />

Document information

Last Modified Date

02.05.2023

Verified versions

five(9)s Console version 4.3.36

Tags

BitLocker
Keys

Disclaimer

Even though every care has been taken by five(9)s GmbH to ensure that the information contained in this publication is correct and complete, it is possible that this is not the case. five(9)s GmbH provides the publication "as is", without any warranty for its soundness, suitability for a different purpose or otherwise. five(9)s GmbH is not liable for any damage which has occurred or may occur as a result of or in any respect related to the use of this publication. five(9)s GmbH may change or terminate this publication at any time without further notice and shall not be responsible for any consequence(s) arising there from. Subject to this disclaimer, five(9)s GmbH is not responsible for any contributions by third parties to this publication.