Hi, i have a request to restrict who can see the Bitlocker recovery tab in AD.

can anyone provide the steps required as i was not involved in its setup so i am not sue if this has already been done.

thx

jason

Hi jloster,

Thanks for your post.

Based on my knowledge, to view BitLocker Active Directory recovery passwords, you must be a domain administrator, or you must have been delegated permissions by a domain administrator. 

For your request to restrict the Bitlocker key recovery tab, I suggest you could  post to security forum for more support.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity

Best Regards,

Mary Dong

Hello,

you can use Bitlocker recovery TAB script or delegation control wizard through script you can provide limited or read only access to service desk or restricted access to users to see Key for computer accounts.

http://blogs.technet.com/b/craigf/archive/2011/01/26/delegating-access-in-ad-to-bitlocker-recovery-information.aspx

https://technet.microsoft.com/en-us/library/cc771778(WS.10).aspx

On the link go through the steps mentioned in :  

Appendix A: Delegating Permission

Hello,

Hope your query resolved now. if yes can you mark proposed as Answer so that others can refer it.