How to recover a Bitlocker key stored in AD?


BddWdsAdmin

Hi all, I am trying to recover (as a test) the BitLocker key that was
stored in AD.

I have extended the AD schema and ran the ListAces.vbs from the
BitLocker guide and get the expected output.

When I run this: cscript Get-BitLockerRecoveryInfo.vbs I do not get
any output.

Has anyone tried this with success?

Thanks
 
If you are a domain admin you should be able to view the key just fine with
that script. Is that not what you are seeing?

The key uses the new capabilities built into SP1 to protect it...

You can also delegate authority to the object (you will notice the key is a
sub-object of the computer object if you really go hunting). Be sure to
provide "control access" and "read property" to the group you want to
delegate to read the key.



josh
http://windowsconnected.com
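
Added example, not part of the thread or of the scripts it mentions: a PowerShell check for the two usual reasons a recovery lookup comes back empty, namely that no recovery sub-objects exist under the computer object, or that the caller lacks the "control access" right needed to read the password attribute. It assumes the RSAT ActiveDirectory module and the `msFVE-RecoveryInformation` class from the BitLocker schema extension; the function name and the computer name `LAB-PC01` are hypothetical.

```powershell
Import-Module ActiveDirectory

function Test-BitLockerRecoveryInAD {
    param(
        [Parameter(Mandatory)] [string] $ComputerName   # hypothetical, e.g. 'LAB-PC01'
    )

    $computer = Get-ADComputer -Identity $ComputerName

    # Recovery information is stored as direct child objects of the computer object.
    $children = @(Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', whenCreated, nTSecurityDescriptor)

    if ($children.Count -eq 0) {
        Write-Warning ("No recovery objects under {0}: the key was never backed up to AD, " +
            "or this account cannot list the child objects." -f $computer.DistinguishedName)
        return
    }

    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    foreach ($child in $children) {
        # The password attribute is omitted from the result when the caller lacks
        # control access, so a missing value here points to a permissions problem.
        # The value itself is deliberately not printed.
        $visible = $null -ne $child.'msFVE-RecoveryPassword'

        # Principals whose allow ACEs include control access (ExtendedRight) on this object.
        $readers = $child.nTSecurityDescriptor.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ($_.ActiveDirectoryRights -band $extended) } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        [pscustomobject]@{
            RecoveryObject        = $child.Name
            Created               = $child.whenCreated
            PasswordVisibleToMe   = $visible
            ControlAccessGranted  = $readers -join '; '
        }
    }
}

Test-BitLockerRecoveryInAD -ComputerName 'LAB-PC01' | Format-List
```

The `ControlAccessGranted` column also serves as a quick audit of who can read recovery passwords for that machine after delegation.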
 