Preventing Access to BitLocker To Go recovery options

asked 2022-06-13T15:22:41.943+00:00
Korey E Benoit 1 Reputation point

I need to be able to remove the ability for users to Save or Print the BitLocker To Go recovery keys from their client computer. We are already saving the keys to AD but need to prohibit the users from unlocking the drive on a non-domain computer.

Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
1,870 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2022-06-14T11:16:16.217+00:00
    MTG 911 Reputation points

    Possible.
    GPO ->In Configure user storage of BitLocker recovery information, select whether users are allowed, required, or not allowed to generate a 48-digit recovery password.
    (this needs to be done in the section for removable devices).
    You will notice that this GPO disallows the creation of such a key already. This means: when you encrypt the stick, you will need to use a machine where this disallowing GPO is NOT active.

    No comments