| Êàòàëîã 2018 | Êàòàëîã 2017 | Êàòàëîã 2016 | Êàòàëîã 2015 | Êàòàëîã 2014 | Êàòàëîã 2013 | Êàòàëîã 2012 | Ñåðòèôèêàò | Êîíòàêòû | Êàðòà ñàéòà | Ïîèñê |
1. Executive Summary BitLocker Drive Encryption (Windows) can automatically escrow its recovery passwords and key packages to Active Directory (AD) . This provides a centralized, auditable, and secure backup mechanism, preventing data loss if a user forgets their PIN/password or if TPM hardware changes. This report covers how it works, requirements, verification steps, and security considerations. 2. How BitLocker Key Escrow to AD Works When BitLocker is enabled on a domain-joined computer, the BitLocker Drive Encryption Administration Utility ( manage-bde ) or Group Policy can force the computer to back up recovery information to AD.
manage-bde -protectors -get C: manage-bde -protectors -adbackup C: -id GUID Or backup all protectors: bitlocker key active directory