The volume will automatically unlock if the user or computer has the proper credentials. You can also use -pw as an abbreviated version of this command.Īdds a SID-based identity protector for the volume. You can also use -tpsk as an abbreviated version of this command.Īdds a password key protector for the data drive. You can also use -tsk as an abbreviated version of this command.Īdds a TPM, PIN, and startup key protector for the operating system drive. You can also use -tp as an abbreviated version of this command.Īdds a TPM and startup key protector for the operating system drive. You can also use -cert as an abbreviated version of this command.Īdds a Trusted Platform Module (TPM) and personal identification number (PIN) protector for the operating system drive. Represents the directory path to the startup key.Īdds a public key protector for a data drive. You can also use -sk as an abbreviated version of this command. Represents the directory path to the recovery key.Īdds an external key protector for startup. You can also use -rk as an abbreviated version of this command.
You can also use -rp as an abbreviated version of this command.Īdds an external key protector for recovery. Represents a drive letter followed by a colon.Īdds a numerical password protector. On a workstation, they are part of the RSAT.Encrypts the drive and turns on BitLocker. This can be done on a server using the Add Roles and Features wizard in the Server Manager. In order to access the recovery key, two features must be installed on the administrator computer: BitLocker Recovery Password Viewer and BitLocker Drive Encryption Tools. Then you pass this information to the second command: manage-bde -protectors -adbackup c: -id "" Reading recovery keys in the Active Directory First, you determine the ID of the numeric password for drive c: manage-bde -protectors -get c: The command line tool manage-bde.exe is capable of doing this. If the group policy is enabled after the drives are already encrypted, it will have no effect and the key will have to be manually transferred to the Active Directory.
This ensures that BitLocker will wait until mobile users are reconnected to AD before it encrypts the data. In addition, it makes sense to activate the Do not enable BitLocker until recovery information is stored to AD DS for operating system drives option. The key package is used to recover data on a physically damaged drive. You can choose between Backup Restore Password and Key Packages and Backup Restore Passwords Only. GPO setting to backup recovery keys for system drives in Active Directoryįurthermore, you can configure which data will be stored in the AD.
0 kommentar(er)
