BitLocker Recovery Password Backup

Applies To: Windows Server 2008

Recovery information for Windows BitLocker Drive Encryption (BitLocker) can be automatically backed up to Active Directory Domain Services (AD DS). Recovery information for BitLocker includes the recovery password for each BitLocker-enabled volume, and the information required to identify which computers and volumes the recovery information applies to.

You can also configure systems to back up a binary package containing the actual keying information in an encrypted form. Recovery information is not backed up by default, but administrators can configure backup by using Group Policy settings. For more information, see "Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information" (https://go.microsoft.com/fwlink/?LinkID=67438).

Events

| Event ID | Source | Message |
| --- | --- | --- |
| 513 | Microsoft-Windows-BitLocker-API | BitLocker Drive Encryption recovery information was backed up successfully to Active Directory Domain Services.<br>Protector GUID: %1<br>Volume GUID: %2 |
| 514 | Microsoft-Windows-BitLocker-API | Failed to backup BitLocker Drive Encryption recovery information to Active Directory Domain Services.<br>Errorcode: %2<br>Protector GUID: %1<br>Volume GUID: %3 |
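Events 513 and 514 can be reconciled per protector GUID to find key protectors whose backup failed and never succeeded in the retained log. The PowerShell below is an added example, not part of the original page; the function names, sample GUIDs and error code are constructed, and it assumes the %1 to %3 placeholders map to Properties[0..2] of each event record.

```powershell
# Added example. Assumption: %1..%3 in the messages map to Properties[0..2].
function Get-UnescrowedProtector {
    param([object[]] $Events)

    $backedUp = @{}   # protector GUID -> $true once an event 513 has been seen
    $failed   = @{}   # protector GUID -> details of the most recent event 514

    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        $p = @($e.Properties | ForEach-Object { [string]$_.Value })
        if ($e.Id -eq 513) {
            $backedUp[$p[0]] = $true          # 513: %1 = protector, %2 = volume
        }
        elseif ($e.Id -eq 514) {              # 514: %1 = protector, %2 = error, %3 = volume
            $failed[$p[0]] = [pscustomobject]@{
                ProtectorGuid = $p[0]
                ErrorCode     = $p[1]
                VolumeGuid    = $p[2]
                LastFailure   = $e.TimeCreated
            }
        }
    }
    # A protector with a 514 and no 513 anywhere in the log has no recorded backup.
    $failed.Values | Where-Object { -not $backedUp.ContainsKey($_.ProtectorGuid) }
}

# Constructed records shaped like Get-WinEvent output (all values are made up).
function New-SampleEvent($Id, $Time, [string[]] $Values) {
    [pscustomobject]@{
        Id          = $Id
        TimeCreated = [datetime]$Time
        Properties  = @($Values | ForEach-Object { [pscustomobject]@{ Value = $_ } })
    }
}
$sample = @(
    New-SampleEvent 514 '2024-01-10T09:00' '{PROTECTOR-A}', '0x00000001', '{VOLUME-1}'
    New-SampleEvent 513 '2024-01-10T09:30' '{PROTECTOR-A}', '{VOLUME-1}'
    New-SampleEvent 514 '2024-01-11T14:00' '{PROTECTOR-B}', '0x00000001', '{VOLUME-2}'
)

# Protector A failed and then succeeded on retry; only protector B is reported.
Get-UnescrowedProtector -Events $sample | Format-Table -AutoSize

# Live use on a BitLocker-enabled computer:
# Get-UnescrowedProtector -Events (Get-WinEvent -FilterHashtable @{
#     ProviderName = 'Microsoft-Windows-BitLocker-API'; Id = 513, 514 })
```

The result only reflects events still present in the log, so a protector backed up before the oldest retained event can appear as unescrowed; confirm against the computer object in AD DS before acting on it.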
