You administer computers that run Windows 8 Enterprise and are members of an Active Directory domain.
Some volumes on the computers are encrypted with BitLocker.
The BitLocker recovery passwords are stored in Active Directory. A user forgets the BitLocker passwordto local
drive E: and is unable to access the protected volume.
You need to provide a BitLocker recovery key to unlock the protected volume.
Which two actions should you perform?
(Each correct answer presents part of the solution.Choose two.)
A.
Ask the user to run the manage-bde -protectors -disable e: command.
B.
Ask the user for his or her logon name.
C.
Ask the user to run the manage-bde -unlock E: -pwcommand.
D.
Ask the user for his or her computer name.
E.
Ask the user for a recovery key ID for the protected drive.
Explanation:
Original Answer was ‘A’ and ‘E’.
BitLocker Drive Encryption Operations Guide: Recovering Encrypted Volumes with AD DS
Reference:
http://technet.microsoft.com/en-us/library/cc771778(v=ws.10).aspx
Record the name of the user’s computer
You can use the name of the user’s computer to locate the recovery password in AD DS. If the user doesnot
know the name of the computer, ask the user to readthe first word of the Drive Labelin the BitLocker Drive
Encryption Password Entryuser interface. This is the computer name when BitLocker was enabled and is
probably the current name of the computer.
Verify the user’s identity
You should verify that the person that is asking for the recovery password is truly the authorized user of that
computer. Another option is to verify that the computer with the name the user provided belongs to theuser.