How to revoke potentially exposed BitLocker recovery keys

    Question

  • Hello guys,

    I've got a question. Let's say that in my enterprise we have a security breach and a hacker successfully retrieved all recovery keys from the SQL database. Is there a way to revoke all our keys and generate new ones? Would it be possible to have a report with the already updated keys and the ones not yet revoked?

    Or in another way, what would be the best approach ?

    Thank you.

    Wednesday, September 25, 2013 8:43 AM

Answers

  • The decryption can also be done through the GPO, which does not require user interaction.

    Also you can force the machine into recovery, so that when the recovery key has been used once, it will get changed by the MBAM agent. But this is a tiresome job on 3K machines, so I would rather go for the decryption-encryption.


    Gaurav Ranjan

    • Marked as answer by -Jordan- Friday, October 18, 2013 2:49 PM
    Monday, September 30, 2013 7:04 PM
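    As an added example (not code from the thread, MBAM, or Microsoft), a third route that avoids both decrypting the volume and sending 3K users through a forced recovery: replace the recovery password protector in place on each workstation with the BitLocker PowerShell module, and emit one report row per machine so you can see which ones have rotated. It assumes Windows 8 / Server 2012 or later, an elevated session, and that new recovery passwords are escrowed to AD DS; whether the MBAM agent also picks up the new protector on its next check-in is an assumption to verify in your environment.

```powershell
# Added example: rotate the BitLocker recovery password without decrypting.
# Assumes Windows 8 / Server 2012+ (BitLocker module), elevation, and AD DS
# escrow via Backup-BitLockerKeyProtector. MBAM escrow by the agent is not
# driven from here (assumed to happen on the agent's own schedule).
function Invoke-RecoveryPasswordRotation {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [switch]$BackupToAD
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $old = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # 1. Add the replacement protector first so the volume is never left
    #    without a recovery path while the exposed one is being retired.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $after = Get-BitLockerVolume -MountPoint $MountPoint
    $new = @($after.KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and
        $old.KeyProtectorId -notcontains $_.KeyProtectorId
    })
    if ($new.Count -ne 1) { throw "Expected exactly one new recovery protector on $MountPoint" }

    # 2. Escrow the new password before destroying the old one.
    $backedUp = $false
    if ($BackupToAD) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $new[0].KeyProtectorId | Out-Null
        $backedUp = $true
    }

    # 3. Only now remove the exposed protectors.
    foreach ($p in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }

    # Report row: which IDs were retired and which one now protects the volume.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        MountPoint   = $MountPoint
        RetiredIds   = ($old.KeyProtectorId -join ';')
        NewId        = $new[0].KeyProtectorId
        EscrowedToAD = $backedUp
        RotatedAt    = (Get-Date).ToUniversalTime().ToString('o')
    }
}

# Run on each workstation (scheduled task, Invoke-Command, or a startup script)
# and append the rows to a central CSV; machines missing from it are not yet rotated.
Invoke-RecoveryPasswordRotation -BackupToAD |
    Export-Csv -Path "$env:ProgramData\bl-rotation.csv" -NoTypeInformation -Append
```

    Protector IDs are exposed in the report rather than the passwords themselves, so the CSV can be collected centrally without recreating the original problem.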

All replies

  • My approach will be to force the machine into recovery mode and use the recovery password to log on to the machine. When the recovery password has been used once, the MBAM client will automatically generate a new one and it will be saved into the MBAM DB.

    Or decrypt and then re-encrypt the machine.


    Gaurav Ranjan

    Saturday, September 28, 2013 10:11 AM
  • Gaurav,

    Thanks for your reply, but we actually have over 3k workstations; we cannot afford that amount of calls to our help desk.

    To decrypt and re-encrypt the desktops, the users need to have admin rights on their workstations, which they don't ... :/

    Any other idea is welcome.

    Monday, September 30, 2013 8:38 AM