Windows - Delegate access to BitLocker recovery keys

Windows - Delegate access to BitLocker recovery keys

Would you like to learn how to delegate access to BitLocker recovery keys in the Active Directory? In this tutorial, we are going to show you how to allow a group of users to read the BitLocker recovery keys on the Active Directory.

• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 10
• Windows 7

Equipment list

The following section presents the list of equipment used to create this tutorial.

As an Amazon Associate, I earn from qualifying purchases.

Windows Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Windows.

List of Tutorials
Windows - Lock the screen after inactivity
Windows - Radius server installation
Windows - Audit deleted files
Windows - Java installation
Windows - Monitoring using Zabbix
Windows - Monitoring using SNMP
Windows - Force the USB drive encryption
Windows - Turn off Wifi if ethernet is connected
Windows - Traffic shaper
Windows - Active Directory installation
Windows - LDAP over SSL
Windows - TFTP client installation
Windows - Block IP address list
Windows - Force MSU installation
Windows - SNMP installation
Windows - SSH server installation
Windows - IIS installation
Windows - PHP installation
Windows - MySQL installation
Windows - Change the RDP port
GPO - Map network drive
GPO - Application Locker
GPO - Lock user account after 3 fails
GPO - Add local administrators
GPO - Proxy configuration
GPO - Proxy auto-configuration script
GPO - Google Chrome configuration
GPO - Disable the installation of Chrome extensions
GPO - Disable the Chrome password manager
GPO - Mozilla Firefox configuration
GPO - Disable the installation of Firefox extensions
GPO - Disable the Firefox password manager
GPO - Disable autorun and autoplay
GPO - Disable SMBv1
GPO - Disable guest account
GPO - Configure the Firewall
GPO - Install an MSI package
GPO - Configure the Wallpaper
GPO - NTP client
GPO - Change RDP port
GPO - Message after login
GPO - Logoff RDP session after inactivity
GPO - Limit control panel options

Tutorial Windows - Delegate access to BitLocker recovery keys

Open the application named: Active Directory Users and Computers.

Create a new group.

Active Directory - Create a group

Right-click on the desired organizational unit.

Select the option to Delegate Control.

Active Directory - Delegate Control

Select the desired group.

Active Directory - Delegate Permissions

Select the option to create a custom task.

Windows - Delegate custom task

Select only the object named: MSFVE-RECOVERYINFORMATION.

Bitlocker - Delegate access to recovery keys - MSFVE-RECOVERYINFORMATION

Select the full control permission.

Bitlocker - Delegate recovery key access

Click on the Next button to finish the configuration.

In our example, members of the group named MY-ADMIN will be able to access the Bitlocker recovery keys stored inside the organizational unit named TEST.

Delegation access - Bitlocker recovery key

You will not be able to view the Bitlocker recovery keys in other organizational units.

Congratulations! You are able to delegate permission to access the Bitlocker recovery keys in the Active Directory.

VirtualCoin CISSP, PMP, CCNP, MCSE, LPIC22021-07-04T17:57:49-03:00

Related Posts

Firefox - Disable telemetry to increase privacy

Firefox - Disable telemetry to increase privacy

March 22nd, 2024

Reset the WSL Linux password on Windows

Reset the WSL Linux password on Windows

June 20th, 2023

WMI - Creating a scheduled task remotely on Windows

WMI - Creating a scheduled task remotely on Windows

June 7th, 2023

WMI - Create a remote process on Windows

WMI - Create a remote process on Windows

June 7th, 2023

Windows - Create a process via WMI

Windows - Create a process via WMI

June 2nd, 2023

Windows - Port forwarding using PLINK

Windows - Port forwarding using PLINK

May 30th, 2023

Windows - Delegate permissions to create a GPO

Windows - Delegate permissions to create a GPO

May 26th, 2023

Windows - Configure Port Forwarding using NETSH

Windows - Configure Port Forwarding using NETSH

May 24th, 2023

GPO - Disable Basic authentication for WinRM Service

GPO - Disable Basic authentication for WinRM Service

February 9th, 2023

GPO Firewall - Disable notifications when programs are blocked

GPO Firewall - Disable notifications when programs are blocked

February 9th, 2023

GPO - Block connection to non-domain networks

GPO - Block connection to non-domain networks

February 3rd, 2023

GPO - Block Automatically connecting to Wi-Fi hotspots

GPO - Block Automatically connecting to Wi-Fi hotspots

February 3rd, 2023

GPO - Disable JavaScript on Adobe Reader DC

GPO - Disable JavaScript on Adobe Reader DC

January 30th, 2023

GPO - Disable Flash on Adobe Reader DC

GPO - Disable Flash on Adobe Reader DC

January 30th, 2023

GPO Defender - Configure the scheduled scan

GPO Defender - Configure the scheduled scan

January 28th, 2023