Possible.
GPO ->In Configure user storage of BitLocker recovery information, select whether users are allowed, required, or not allowed to generate a 48-digit recovery password.
(this needs to be done in the section for removable devices).
You will notice that this GPO disallows the creation of such a key already. This means: when you encrypt the stick, you will need to use a machine where this disallowing GPO is NOT active.
Preventing Access to BitLocker To Go recovery options
Korey E Benoit
1
Reputation point
I need to be able to remove the ability for users to Save or Print the BitLocker To Go recovery keys from their client computer. We are already saving the keys to AD but need to prohibit the users from unlocking the drive on a non-domain computer.
1 answer
Sort by: Most helpful
-
MTG 1,226 Reputation points
2022-06-14T11:16:16.217+00:00