You administer computers that run Windows 8 Enterprise and are members of an Active Directory domain.
Some volumes on the computers are encrypted with BitLocker.
The BitLocker recovery passwords are stored in Active Directory. A user forgets the BitLocker password to local
drive E: and is unable to access the protected volume.
You need to provide a BitLocker recovery key to unlock the protected volume.Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.
Ask the user to run the manage-bde-protectors-disable e: command.
B.
Ask the user for his or her logon name.
C.
Ask the user to runthe manage-bde-unlock E:-pw command.
D.
Ask the user for his or her computer name.
E.
Ask the user for a recovery key ID for the protected drive.
Explanation:
D: To view the recovery passwords for a computer you would need the computer name:
In Active Directory Users and Computers, locate and then click the container in which the computer is
located.
Right-click the computer object, and then click Properties.
In the Properties dialog box, click the BitLocker Recovery tab to view the BitLockerrecovery passwords that
are associated with the particular computer.
C: The Manage-bde: unlock command unlocks a BitLocker-protected drive by using a recovery password or a
recovery key.
IncorrectAnswers:
A: The manage-bde-protectors-disable e: commandjust disables automatic unlocking for a data drive.
B: Logon name would not help. Youcan easily find out the name of the owner if you have the access to the PC.
For example, open Outlook or simply press Start to verify username. In such cases mobilephone call
verification would is preferred, but it is not mentioned in the answers.
E: The recovery ID is not required to unlock the product volume, we only need the recovery password.https://technet.microsoft.com/en-us/library/dd759200(v=ws.11).aspx
http://www.concurrency.com/blog/enable-bitlocker-automatically-save-keys-to-active-directory/