Hello.
By default, read-only members don't have permission to view BitLocker recovery passwords. This is because BitLocker recovery information is sensitive data and generally requires higher permissions to access. If you want a specific read-only member to be able to view the BitLocker recovery password, you'll need to assign the appropriate permissions to that member in AD.
Here are the steps you can follow:
1. Open Active Directory Users and Computers (ADUC):
   Go to the "View" menu and make sure "Advanced Features" is checked.
2. Navigate to the BitLocker recovery information container: This is typically located under the computer object where the BitLocker recovery information is stored.
3. Modify Permissions:
   - Right-click the BitLocker Recovery Information container and select Properties.
   - Go to the "Security" tab and click on "Advanced".
   - Click Add to add a new permission entry.
   - Select the Read-only group or the specific user you want to grant access to.
   - In the Permissions section, check the Read all properties box.
   - Click OK to apply the changes and save.
Hope this helps.
Best Regards,
Hania Lian
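To check the result of the steps in the answer above, the following PowerShell is an added example and not part of the original answer. It lists every principal that holds a Read property right on the BitLocker recovery objects of one computer. The computer name and group name are placeholders, and it assumes the ActiveDirectory module (RSAT) is installed and that the account running it can already see the recovery objects.

```powershell
# Added example: list which principals hold "Read property" rights on the
# BitLocker recovery objects of one computer, to confirm a delegation.
Add-Type -AssemblyName System.DirectoryServices
Import-Module ActiveDirectory

$ComputerName = 'PC-EXAMPLE01'                 # placeholder computer name
$Delegate     = 'CONTOSO\BitLocker-ReadOnly'   # placeholder delegated group

$readProperty = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$computer     = Get-ADComputer -Identity $ComputerName

# Recovery entries are child objects (class msFVE-RecoveryInformation)
# stored under the computer object.
$recoveryObjects = @(Get-ADObject -SearchBase $computer.DistinguishedName `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"')

if ($recoveryObjects.Count -eq 0) {
    Write-Warning "No recovery objects visible under $($computer.DistinguishedName)."
    return
}

$report = foreach ($obj in $recoveryObjects) {
    $acl = Get-Acl -Path ("AD:\" + $obj.DistinguishedName)
    foreach ($ace in $acl.Access) {
        # Keep only Allow entries that include the Read property right
        # (GenericRead and GenericAll include it as well).
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $ace.ActiveDirectoryRights.HasFlag($readProperty)) { continue }
        [pscustomobject]@{
            RecoveryObject = $obj.Name
            Principal      = $ace.IdentityReference.Value
            Rights         = $ace.ActiveDirectoryRights
            Inherited      = $ace.IsInherited
        }
    }
}

# 1) Did the delegated group get its entry?
$granted = @($report | Where-Object { $_.Principal -eq $Delegate })
if ($granted.Count -eq 0) {
    Write-Warning "$Delegate has no Read property entry on these objects."
}

# 2) Full list for review, so unexpected readers stand out.
$report | Sort-Object Principal, RecoveryObject | Format-Table -AutoSize
```

Entries with `Inherited` set to False were set directly on the recovery object; the rest come from a parent such as the computer object or its OU.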