• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 509
  • Last Modified:

bitlocker / manage USB drives for recovery passwords


Just encryptrd the C drive of a 2008 r2 server. I saved the recovery password on a USB-drive (as well as printed it). I can see three files on that USB stick (drive) now:


1. Can I copy those 3 files to anoher empty NTFS formatted USB -stick (and format the original Stick if I want)? Is the the recovery comprised by doing that?
2. If I want to Encrypt also the drive E on the same server should I use a blank NTFS formatted USB stick (drive) to store recovery password or can one USB stick hold recovery info for several drives and even several computers too?



1 Solution
ad 1) you need only BEK file for recovery. Or your printed password. It's enough. Just copy BEK file to new usb stick and try :)
ad 2) one USB stick can contain many BEK files. Their names are unique and your OS will select the matching one. i.e. you can create your "master" usb stick with all recovery files in your enterprise if you like.

BEK files are "normal" files. Copy them, archive on DVDs, etc... They will work until they have their content and filename unchanged.
RimFire007Author Commented:
Thank yor for your detailed answer.

Furthermore, I can hve all BEK--files on encrypted USB-stick on secure area on corresponding folders and when needed copy those one I need on unsecured (standard primary) area.




Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now