BitLocker GPOs registry keys paths RRS feed

  • Question

  • Hi there,

    could someone tell please path to the registry keys of the following enabled BitLocker GPOs below?

    I'm trying to setup a registry scan through PDQ deploy to validate if the BitLocker GPOs applied on remote user laptops prior to starting the encryption process to avoid importing BitLocker passwords manually. 

    Policy Setting Comment

    Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) Enabled 

    Important: To prevent data loss, you must have a way to recover BitLocker encryption keys. If you do not allow both recovery options below, you must enable backup of BitLocker recovery information to AD DS. Otherwise, a policy error occurs.

    Configure 48-digit recovery password: Require recovery password (default)

    Configure 256-bit recovery key: Require recovery key (default)

    Note: If you do not allow the recovery password and require the recovery key, users cannot turn on BitLocker without saving to USB.



    Policy Setting Comment

    Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) Enabled 

    Require BitLocker backup to AD DS Enabled

    If selected, cannot turn on BitLocker if backup fails (recommended default). 

    If not selected, can turn on BitLocker even if backup fails. Backup is not automatically retried.

    Select BitLocker recovery information to store: Recovery passwords and key packages

    Tuesday, October 13, 2020 4:56 PM


All replies