locked
Bitlocker encrypted devices: Changing computer's name RRS feed

  • Question

  •   
    Hello,

    is it possible to change the computername of a Bitlocker encrypted device?

    What will happen? (=> Recovery Key etc.)

    Device(s):
    Windows 7 Enterprise 64-Bit / Windows 10 Professional 64-Bit
    HP / Lenovo TPM
    Start-PIN



    ----------------------

    TD

    Tuesday, February 19, 2019 8:03 AM

Answers

  • Possible. Nothing will happen, everything just keeps working and the recovery key is still accessible in AD under the new computer name (if you saved it to AD, that is).
    Tuesday, February 19, 2019 12:29 PM
  • Hi,

    Thanks for posting in Microsoft TechNet Forum.

    It is possible to change the computer name of a Bitlocker encrypted device.

    If you remove the computer from the domain, rename the computer, and then rejoin it to the domain, the recovery key will be invalidated and won't work any more.

    You can use the manage-bde –protectors –adbackup command to store the recovery key in Active Directory. Rename the computer while it is still joined to the domain for the recovery key to remain valid. 

    Best regards,

    Hurry


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com



    Tuesday, February 19, 2019 2:18 PM
  • You need to indicate whether you understood the suggestions.

    It is uncritical to change the computername - just do it :-)

    Wednesday, February 20, 2019 3:41 PM
  • Hi,

    Thank you for your feedback.

    A domain policy that will require the computer to store it's key in Active Directory as a property of the computer account and it's all done automatically! Therefore, rest assured.

    Please refer to the suggestions provided above. 

    If my answer is helpful to you, please mark it as an answer.

    Thank you for your cooperation.

    Best regards,

    Hurry


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Wednesday, February 20, 2019 7:46 PM

All replies

  • Possible. Nothing will happen, everything just keeps working and the recovery key is still accessible in AD under the new computer name (if you saved it to AD, that is).
    Tuesday, February 19, 2019 12:29 PM
  • Hi,

    Thanks for posting in Microsoft TechNet Forum.

    It is possible to change the computer name of a Bitlocker encrypted device.

    If you remove the computer from the domain, rename the computer, and then rejoin it to the domain, the recovery key will be invalidated and won't work any more.

    You can use the manage-bde –protectors –adbackup command to store the recovery key in Active Directory. Rename the computer while it is still joined to the domain for the recovery key to remain valid. 

    Best regards,

    Hurry


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com



    Tuesday, February 19, 2019 2:18 PM

  • Hello,

    our encrypted notebooks are domain clients.

    Notebooks are integrated into Windows domain before Bitlocker encryption.

    We don't do something with the recovery keys.
    We save them as TXT files (as part of the encryption process in the Windows "Bitlocker" app) for emergency case. I don't know if they are saved in the AD automatically.

    TD


    Wednesday, February 20, 2019 2:12 PM
  • You need to indicate whether you understood the suggestions.

    It is uncritical to change the computername - just do it :-)

    Wednesday, February 20, 2019 3:41 PM
  • Hi,

    Thank you for your feedback.

    A domain policy that will require the computer to store it's key in Active Directory as a property of the computer account and it's all done automatically! Therefore, rest assured.

    Please refer to the suggestions provided above. 

    If my answer is helpful to you, please mark it as an answer.

    Thank you for your cooperation.

    Best regards,

    Hurry


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Wednesday, February 20, 2019 7:46 PM