Reference Guide

Manage Policies
Configure User Storage of BitLocker 48-digit Recovery Password
Configure User Storage of BitLocker 256-bit Recovery Key
Omit Recovery Options from the BitLocker Setup Wizard
Save BitLocker Recovery Info to AD DS for Operating System Drives
BitLocker Recovery Information to Store in AD DS (Windows Server 2008 Only)
Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for Operating System Drives

Allow Data Recovery Agent for Protected Operating System Drives
Default: Selected
Options: Selected, Not Selected
The "Allow Certificate Based Data Recovery Agent" setting specifies whether a data recovery agent can be used with BitLocker operating system drives. Before a data recovery agent can be used, it must be added from the Public Key policies in either the Group Policy Management Console or the Local Group Policy Editor.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Configure User Storage of BitLocker 48-digit Recovery Password
Default: Allow
Options: Do Not Allow, Require, Allow
This policy configures whether a user is allowed, required, or not allowed to generate a 48-digit password.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Configure User Storage of BitLocker 256-bit Recovery Key
Default: Allow
Options: Do Not Allow, Require, Allow
This policy configures whether a user is allowed, required, or not allowed to generate a 256-bit recovery key.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Omit Recovery Options from the BitLocker Setup Wizard
Default: Not Selected
Options: Selected, Not Selected
When Selected, users are prevented from specifying recovery options when BitLocker is enabled. Recovery options for the drive are determined by policy settings.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Save BitLocker Recovery Information to AD DS for Operating System Drives
Default: Selected
Options: Selected, Not Selected
Selected allows BitLocker recovery information to be stored in AD DS for operating system drives. The appropriate schema extensions and access control settings on the domain must be configured before AD DS backup can succeed.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

BitLocker Recovery Information to Store in AD DS (Windows Server 2008 Only)
Default: Recovery Passwords and Key Packages
Options: Recovery Passwords and Key Packages, Recovery Passwords Only
This policy provides the option of storing recovery passwords and key packages, or storing the recovery password only, in AD DS. The appropriate schema extensions and access control settings on the domain must be configured before applying this policy.
This policy is applicable only to computers running Windows Server 2008.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Do Not Enable BitLocker Until Recovery
Default: Not Selected
Options: Selected, Not Selected
Although BitLocker recovery information is automatically
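
One way to check the operating system drive recovery settings listed above on an endpoint, as an added example that is not part of this guide. It assumes the policies reach Windows as the standard BitLocker Group Policy registry values (OSRecovery, OSManageDRA, OSRecoveryPassword, OSRecoveryKey, OSHideRecoveryPage, OSActiveDirectoryBackup); the findings it reports are the example's own checks, not rules stated in the guide.

```powershell
# Added example, not from the guide. Assumption: the settings arrive as the
# standard Windows BitLocker Group Policy values under this registry key.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

function Get-FveValue([string]$Name) {
    # Return the configured DWORD, or $null when the value is absent.
    if ($fve -and $fve.PSObject.Properties[$Name]) { return [int]$fve.$Name }
    return $null
}

# Allow / Require / Do Not Allow are stored as 2 / 1 / 0.
$usageNames = @{ 0 = 'Do Not Allow'; 1 = 'Require'; 2 = 'Allow' }
function Format-Usage($Value) {
    if ($null -eq $Value) { return 'Not configured' }
    if (-not $usageNames.ContainsKey($Value)) { return "Unexpected value $Value" }
    return $usageNames[$Value]
}

$parent   = (Get-FveValue 'OSRecovery') -eq 1              # parent policy Selected
$dra      = (Get-FveValue 'OSManageDRA') -eq 1             # Allow Data Recovery Agent
$password = Get-FveValue 'OSRecoveryPassword'              # 48-digit recovery password
$key      = Get-FveValue 'OSRecoveryKey'                   # 256-bit recovery key
$hideUi   = (Get-FveValue 'OSHideRecoveryPage') -eq 1      # Omit Recovery Options
$adBackup = (Get-FveValue 'OSActiveDirectoryBackup') -eq 1 # Save to AD DS

$findings = @()
if (-not $parent) {
    $findings += 'Parent policy not Selected: the recovery settings below are not in effect.'
}
if ($password -eq 0 -and $key -eq 0 -and -not $dra) {
    $findings += 'Recovery password and key are Do Not Allow and DRA is not allowed: no recovery path.'
}
if ($hideUi -and -not $adBackup) {
    $findings += 'Wizard recovery options omitted while AD DS backup is off: review how recovery info is retained.'
}

# Compare policy with the protectors actually on the OS volume (needs elevation).
$types = (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector.KeyProtectorType
if ($password -eq 1 -and $types -notcontains 'RecoveryPassword') {
    $findings += 'Policy requires a recovery password but the OS volume has none.'
}

[pscustomobject]@{
    ParentSelected    = $parent
    AllowDRA          = $dra
    RecoveryPassword  = Format-Usage $password
    RecoveryKey       = Format-Usage $key
    OmitWizardOptions = $hideUi
    SaveToADDS        = $adBackup
    Findings          = $findings -join ' | '
}
```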