Share via

Backup-BitLockerKeyProtector : backup error

nettech 171 Reputation points
2024-02-03T21:10:41.96+00:00

Hi, We have several older Windows 10 systems (no tpm) that have sensitive data on a non system drive. We are able to encrypt data drives, but Bitlocker recovery is not getting saved to AD. The error we are getting states that GPO does not allow storage, however this is not true. Backup-BitLockerKeyProtector : Group policy does not permit the storage of recovery information to Active Directory. The operation was not attempted. I see many posts on the internet with people having the same problem and none of the offered solutions have worked for us. What could be the next troubleshooting step?

gpo

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments
Accepted answer
  1. Wesley Li 11,255 Reputation points
    2024-02-08T05:47:18.43+00:00

    Hello, You can try use below steps to save bitlocker recovery key to AD: Click the Search icon in the taskbar and type “group policy“. You can then click Group Policy Management to launch it. Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption, and then double-click the policy “Store BitLocker recovery information in Active Directory Domain Services“. Make sure the “Require BitLocker backup to AD DS” option is checked, and select to store both recovery passwords and key packages. select Fixed Data Drives and double-click the policy “Choose how BitLocker-protected fixed drives can be recovered“. Set it to Enabled. Check the options “Save BitLocker recovery information to AD DS for fixed drives” and then click OK.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.