You administer computers that run Windows 8 Pro and are members of an Active Directory domain. The
computers are encrypted with BitLocker and are configured to store BitLocker encryption passwords in Active
Directory.
A user reports that he has forgotten the BitLocker encryption password for volume E on his computer.
You need to provide the user a BitLocker recovery key to unlock the protected volume.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.
Ask the user to run the manage-bde -unlock E: -pw command.
B.
Ask the user for a recovery key ID for the protected volume.
C.
Ask the user for his computer name.
D.
Ask the user for his logon name.
Explanation:
You can use the name of the user’s computer to locate the recovery password in AD DS. If the user doesnot
know the name of the computer, ask the user to read the first word of the Drive Label in the BitLocker Drive
Encryption Password Entryuser interface. This is the computer name when BitLocker was enabled and is
probably the current name of the computer.
Verify the user’s identity
You should verify that the person that is asking for the recovery password is truly the authorized user of that
computer. Another option is to verify that the computer with the name the user provided belongs to the user.
http://technet.microsoft.com/en-us/library/cc771778(v=ws.10).aspx#BKMK_VerifyIdentity