Reference Guide
Manage Policies
156
Removable
Drives Can be
Recovered
Manager, even if this value is Not Selected. This policy
allows for the control of how BitLocker protected removable
data drives are recovered in the absence of the required
credentials.
More...
This policy is the parent policy to:
Allow Data Recovery Agent for Protected Removable Data Drives
Configure User Storage of BitLocker 48-digit Recovery Pas
sword
Configure User Storage of BitLocker 256-bit Recovery Key
Omit Recovery Options from the BitLocker Setup Wizard for
Removable Media
Save BitLocker Recovery Information to AD DS for Removable
Data Drives
BitLocker Recovery Info to Store in AD DS for Removable Data
Drives
Do Not Enable Bi
tLocker Until Recovery Info is Stored in AD DS
for Rem Data Drives
Allow Data
Recovery Agent
for Protected
Removable Data
Drives
Selected
Selected
Not Selected
When Selected, a data recovery agent is allowed for use with
BitLocker protected removable data drives. Before the agent
can be used, it must be added f
rom the Public Key Policies in
either the Group Policy Management Console or the Local Group
Policy Editor.
To use this policy, Choose How BitLocker-protected Removable
Drives Can be Recovered must be to Selected.
Configure User
Storage of
BitLocker 48-
di
git Recovery
Password
Allow
Allow
Require
Do Not Allow
This policy configures if a user is allowed, required, or not
allowed to generate a 48-digit password.
To use this policy, Choose How BitLocker-protected Removable
Drives Can be Recovered must be to Selected.
Configure User
Storage of
BitLocker 256-
bit Recovery
Key
Allow
Allow
Require
Do Not Allow
This policy configures
if a user is allowed, required, or not
allowed to generate a 256-bit recovery key.
To use this policy, Choose How BitLocker-protected Removable
Drives Can be Recovered must be to Selected.
Omit Recovery
Options from
the BitLocker
Setup Wizard
for Removable
Media
Not Selected
Selected
Not Selected
When Selected, users are prevented from specifying recovery
options when BitLocker is enabled. Recovery options for the
drive are determined by policy settings.
To use this policy, Choose How BitLocker-protected Removable
Drives Can be Recovered must be to Selected.
Save BitLocker
Recovery
Information to
AD DS for
Removable Data
Drives
Selected
Selected
Not Selected
Selected allows
BitLocker recovery information to be stored in
AD DS for removable data drives. The appropriate schema
extensions and access control settings on the domain must be
first configured before AD DS backup can succeed.
To use this policy, Choose How BitLocker-protected Removable
Drives Can be Recovered must be to Selected.
Set this policy to Selected to use the policy BitLocker
Recovery Information to Store in AD DS for Removable Data
Drives.
BitLocker
Recovery
Information
to
Store in AD DS
Recovery Passwords and Key Packages
Recovery Passwords and Key Packages
Recovery Passwords Only
This policy provides the option of storing recovery passwo
rds
and key packages, or storing the recovery password on
ly in AD