
If the backup initially fails, such as when a domain controller is unreachable at the time the BitLocker setup wizard is run, BitLocker does not try again to back up the recovery information to AD DS.

The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The manage-bde command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the $env:SystemDrive to AD DS, you would use the following command script from an elevated PowerShell prompt (the Where-Object filter selects the numerical recovery password protector, which is the protector type AD DS stores):

$BitLocker = Get-BitLockerVolume -MountPoint $env:SystemDrive
$RecoveryProtector = $BitLocker.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorId
BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorId

The second cmdlet escrows the same protector to Azure AD instead of AD DS; run whichever one matches where your organization stores recovery information.
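Because BitLocker never retries a failed escrow on its own, the one-off script above is usually wrapped in something that covers every volume, creates a recovery password protector where none exists, records each failure so the job can be re-run, and confirms the escrow landed in the directory. The following is an added example written for this page, not code from the original article or from Microsoft. It assumes an elevated PowerShell session on a domain-joined machine with the BitLocker module present; the optional verification step assumes the RSAT ActiveDirectory module is installed and the account can read the msFVE-RecoveryInformation objects under the computer account. The manage-bde equivalent is shown in a comment for administrators who script with that tool instead.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow every volume's recovery password to AD DS and report per-protector status.

function Backup-AllRecoveryPasswordsToAD {
    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.ProtectionStatus -ne 'On') {
            [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $null; Status = 'NotProtected' }
            continue
        }

        $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        if (-not $rp) {
            # A volume protected only by TPM has nothing AD DS can store; add a numerical
            # recovery password first, then escrow it.
            $updated = Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector
            $rp = $updated.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        }

        foreach ($p in $rp) {
            try {
                # Equivalent manage-bde call:
                #   manage-bde -protectors -adbackup $vol.MountPoint -id $p.KeyProtectorId
                $null = Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                            -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop
                $status = 'BackedUp'
            } catch {
                # Typical cause: no domain controller reachable. BitLocker will not retry,
                # so surface the failure and run this function again later.
                $status = "Failed: $($_.Exception.Message)"
            }
            [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $p.KeyProtectorId; Status = $status }
        }
    }
}

function Test-RecoveryInfoInAD {
    # Verification (assumes RSAT ActiveDirectory module): list the msFVE-RecoveryInformation
    # objects stored beneath this computer's account. Each object's msFVE-RecoveryGuid should
    # match a KeyProtectorId reported as BackedUp above.
    param([string]$ComputerName = $env:COMPUTERNAME)
    Import-Module ActiveDirectory -ErrorAction Stop
    $computerDn = (Get-ADComputer -Identity $ComputerName).DistinguishedName
    Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                 -SearchBase $computerDn -Properties 'msFVE-RecoveryGuid', 'whenCreated' |
        ForEach-Object {
            [pscustomobject]@{
                KeyProtectorId = '{' + ([guid]$_.'msFVE-RecoveryGuid').Guid + '}'
                StoredAt       = $_.whenCreated
            }
        }
}

$results = Backup-AllRecoveryPasswordsToAD
$results | Format-Table -AutoSize

if ($results.Status -contains 'BackedUp') {
    Test-RecoveryInfoInAD | Format-Table -AutoSize
}
```

Run it from a scheduled task or your management agent so that machines whose first escrow failed (for example, laptops enrolled off the corporate network) are retried automatically; the Status column tells you which protectors still need a successful backup. Note that the recovery password itself is never printed here; only the protector ID is, which is what you need to correlate with the directory object.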

If BitLocker is enabled on a drive before Group Policy has been applied to enforce a backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the Choose how BitLocker-protected operating system drives can be recovered, Choose how BitLocker-protected fixed drives can be recovered, and Choose how BitLocker-protected removable drives can be recovered Group Policy settings to require the computer to be connected to a domain before BitLocker can be enabled. This helps ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS. For more info, see BitLocker Group Policy settings.
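Before a provisioning script calls Enable-BitLocker, it is worth checking that the "require AD DS backup" policy is actually in effect and that a domain controller is reachable, because the combination is what prevents the situation described above (BitLocker enabled before the policy applied, recovery information never escrowed). The following is an added example for this page, not code from the original article or from Microsoft. It assumes the three recovery policies write their settings under HKLM\SOFTWARE\Policies\Microsoft\FVE as the OS/FDV/RDV-prefixed values used below (OSActiveDirectoryBackup, OSRequireActiveDirectoryBackup and their fixed/removable counterparts); verify the value names against your own policy export before relying on this in production.

```powershell
# Added example: pre-flight check before enabling BitLocker on a new machine.

$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue([string]$Name) {
    # Returns $null when the policy has not been applied (value absent).
    $item = Get-ItemProperty -Path $FvePolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-DomainControllerReachable {
    # GetComputerDomain() locates a DC for the machine's domain and throws when none answers,
    # which is exactly the condition under which a BitLocker escrow would fail and not be retried.
    try {
        $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        return $true
    } catch {
        return $false
    }
}

function Test-BitLockerEscrowReadiness {
    # One row per drive class: OS (operating system), FDV (fixed data), RDV (removable data).
    $domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    $dcReachable  = if ($domainJoined) { Test-DomainControllerReachable } else { $false }

    foreach ($prefix in 'OS', 'FDV', 'RDV') {
        $backup  = Get-FvePolicyValue "${prefix}ActiveDirectoryBackup"
        $require = Get-FvePolicyValue "${prefix}RequireActiveDirectoryBackup"
        [pscustomobject]@{
            DriveClass          = $prefix
            DomainJoined        = $domainJoined
            DcReachable         = $dcReachable
            SaveToADDS          = ($backup -eq 1)
            RequireADDSBackup   = ($require -eq 1)
            # Safe to enable only when escrow is mandatory and a DC can actually take it.
            SafeToEnableBitLocker = ($backup -eq 1 -and $require -eq 1 -and $dcReachable)
        }
    }
}

$readiness = Test-BitLockerEscrowReadiness
$readiness | Format-Table -AutoSize

$os = $readiness | Where-Object DriveClass -eq 'OS'
if (-not $os.SafeToEnableBitLocker) {
    Write-Warning 'Do not enable BitLocker yet: join the domain, let Group Policy apply, and confirm a DC is reachable.'
}
```

If the policy rows show SaveToADDS and RequireADDSBackup as false, Group Policy has not reached the machine; enabling BitLocker at that point produces exactly the unescrowed volume the text warns about, and you would have to fall back to the manual Backup-BitLockerKeyProtector path later.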
