How to recover a Bitlocker key stored in AD?

BddWdsAdmin

Hi all, I am trying to recover (as a test) the BitLocker key that was
stored in AD.

I have extended the AD schema and ran the ListAces.vbs from the
BitLocker guide and get the expected output.

When I run this: cscript Get-BitLockerRecoveryInfo.vbs I do not get
any output.

Has anyone tried this with success?

Thanks
 
Josh Phillips

If you are a domain admin you should be able to view the key just fine with
that script. Is that not what you are seeing?

The key uses the new capabilities built into SP1 to protect it...

You can also delegate authority to the object (you will notice the key is a
sub object of the computer object if you really go hunting). Be sure to
provide "control access" and "read property" to the group you want to
delegate to read the key.



josh
http://windowsconnected.com
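
Added example, not part of the original thread or either poster's code: a PowerShell check that lists the recovery child objects under a computer account and reports whether the current account can actually read the password, which separates "nothing was backed up" from "missing control access". It assumes the ActiveDirectory module (RSAT) is installed; the function name and the computer name `PC-EXAMPLE01` are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
# Get-BitLockerRecoveryFromAD is a hypothetical helper name, not a built-in cmdlet.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryFromAD {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    # Recovery information is stored as child objects of the computer account.
    $computer = Get-ADComputer -Identity $ComputerName
    $children = @(Get-ADObject -SearchBase $computer.DistinguishedName `
        -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated')

    if ($children.Count -eq 0) {
        # Either nothing was backed up, or this account cannot see the child objects.
        Write-Warning "No msFVE-RecoveryInformation objects visible under $($computer.DistinguishedName)."
        return
    }

    foreach ($child in $children) {
        $password = $child.'msFVE-RecoveryPassword'
        [pscustomobject]@{
            Computer         = $computer.Name
            RecoveryObject   = $child.Name
            Created          = $child.whenCreated
            # The attribute is confidential: with "read property" but no
            # "control access", the object is listed and this value is empty.
            PasswordReadable = [bool]$password
            RecoveryPassword = $password
        }
    }
}

# Constructed computer name; replace with a real account in your domain.
Get-BitLockerRecoveryFromAD -ComputerName 'PC-EXAMPLE01' | Format-List
```

Running it once as a domain admin and once as a member of the delegated group shows whether both rights were granted on the child objects.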
 
