Which two actions should you perform?

You administer computers that run Windows 10 Enterprise and are members of an Active Directory domain.
The computers are encrypted with BitLocker and are configured to store BitLocker encryption passwords in
Active Directory.
A user reports that he has forgotten the BitLocker encryption password for volume E on his computer. You
need to provide the user a BitLocker recovery key to unlock the protected volume.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.
Ask the user for his computer name.

B.
Ask the user to run the manage-bde -unlock E: -pw command.

C.
Ask the user for his logon name.

D.
Ask the user for a recovery key ID for the protected volume.

Explanation:
A: To view the recovery passwords for a computer you would need the computer name:
In Active Directory Users and Computers, locate and then click the container in which the computer is
located.
Right-click the computer object, and then click Properties.
In the Properties dialog box, click the BitLocker Recovery tab to view the BitLocker recovery passwords that
are associated with the particular computer.
B: The Manage-bde: unlock command unlocks a BitLocker-protected drive by using a recovery password or a
recovery key.
Incorrect Answers:
C: Logon name would not help. You can easily find out the name of the owner if you have access to the PC.
For example, open Outlook or simply press Start to verify the username. In such cases mobile phone call
verification would be preferred, but it is not mentioned in the answers.
D: The recovery ID is not required to unlock the protected volume; we only need the recovery password.

https://technet.microsoft.com/en-us/library/dd759200(v=ws.11).aspx
http://www.concurrency.com/blog/enable-bitlocker-automatically-save-keys-to-active-directory/
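
The lookup described under A can also be scripted. The following is an added example, not part of the original explanation: it reads the recovery entries stored beneath a computer object and returns one row per entry. It assumes the ActiveDirectory PowerShell module (RSAT) and an account permitted to read msFVE-RecoveryInformation objects; the function name Get-BitLockerRecoveryEntry and the computer name PC-EXAMPLE-01 are hypothetical.

```powershell
# Added example: list the BitLocker recovery passwords escrowed under a computer object.
# Assumes the ActiveDirectory module and read access to msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryEntry {
    param(
        [Parameter(Mandatory)]
        [string] $ComputerName
    )

    # Fail early if the computer name does not resolve to an AD object.
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery information is stored as child objects of the computer object.
    Get-ADObject -SearchBase $computer.DistinguishedName `
                 -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
                 -Properties 'msFVE-RecoveryPassword', whenCreated |
        Sort-Object whenCreated -Descending |
        ForEach-Object {
            # The object name is a timestamp followed by the password ID in braces.
            $id = if ($_.Name -match '\{([0-9A-Fa-f-]{36})\}') { $Matches[1] } else { $null }

            [pscustomobject]@{
                Computer         = $computer.Name
                Created          = $_.whenCreated
                PasswordId       = $id
                RecoveryPassword = $_.'msFVE-RecoveryPassword'
            }
        }
}

# Constructed computer name; replace with the name the user reports.
Get-BitLockerRecoveryEntry -ComputerName 'PC-EXAMPLE-01' | Format-List
```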

angus7

The right answer is:
A.
Ask the user for his computer name.
D.
Ask the user for a recovery keyID for the protected volume. (so we can get the recovery key off the AD)

Manage-bde: unlock – https://technet.microsoft.com/en-us/library/ff829854(v=ws.11).aspx
Unlocks a BitLocker-protected drive by using a recovery password or a recovery key.

-password
Presents a prompt for the password to unlock the volume. Abbreviation: -pw
manage-bde -unlock E: -pw

But we do not have the password as the user forgot it. And the recovery key is stored in the AD.