Preventing Access to BitLocker To Go recovery options

Korey E Benoit 1 Reputation point
2022-06-13T15:22:41.943+00:00

I need to be able to remove the ability for users to Save or Print the BitLocker To Go recovery keys from their client computer. We are already saving the keys to AD but need to prohibit the users from unlocking the drive on a non-domain computer.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,705 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. MTG 1,226 Reputation points
    2022-06-14T11:16:16.217+00:00

    Possible.
    GPO ->In Configure user storage of BitLocker recovery information, select whether users are allowed, required, or not allowed to generate a 48-digit recovery password.
    (this needs to be done in the section for removable devices).
    You will notice that this GPO disallows the creation of such a key already. This means: when you encrypt the stick, you will need to use a machine where this disallowing GPO is NOT active.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.