Enable Bitlocker Recovery Password Viewer In Active Directory -

“I can’t get in,” the VP had whined. “Something about recovery. Just fix it.”

Leo copied it, dialed the VP, and read it out in a flat monotone.

He opened the Group Policy Management Console and navigated to: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives “I can’t get in,” the VP had whined

Leo had tried the usual tricks. Checked BitLocker in the control panel. Looked for the USB key in the corporate safe. Called the help desk. Nothing.

Leo didn’t feel like a god. He felt like a plumber who’d just unclogged a pipe that should never have been clogged in the first place. He opened a new ticket: Enable BitLocker recovery password viewer for all admins. He opened the Group Policy Management Console and

“You’re a god,” the VP said, and hung up.

Get-ADObject -Filter ObjectClass -eq "msFVE-RecoveryInformation" -SearchBase "DC=contoso,DC=com" Zero results. Of course. Called the help desk

“Right,” he muttered. “Let’s fix this for good.”