Asking about Bitlocker recovery key location. RRS feed

  • Question

  • I have Bitlocker encryption enabled during MDT. The recovery password is stored correctly to our AD.

    However, looking at the target pc, the recovery key is in plain sight in a text file on C:

    I guess I do not fully understand the difference between the two. If a user needs a recovery password, we go to AD and give them the Bitlocker Recovery password.

    I do not want a key stored on the pc. I don't need it stored anywhere but in AD.
    So, how can I stop the key from being written to anywhere but AD?

    Friday, September 6, 2019 4:06 PM