The ConfigMgr BitLocker Recovery Keys tool lets you retrieve current recovery passwords stored in Configuration Manager.
To run the tool:
1. In your Configuration Manager console, right-click on a device.
2. Click Right Click Tools > Security Tools > ConfigMgr BitLocker Recovery Keys.
The ConfigMgr BitLocker Keys window that opens displays the following information:
- Machine Name
- Recovery Key
- Recovery Key ID
- Error
3. Right-click on a Recovery Key ID and click Copy Key to Clipboard.
The AD BitLocker Recovery Keys tool lets you view current recovery passwords and their detailed history.
To run the tool:
1. In your Configuration Manager console, right-click on a device.
2. Click Right Click Tools > Security Tools > AD BitLocker Recovery Keys.
The AD BitLocker Keys window that opens displays the history of the recovery password including the dates when it was created and last changed.
See also Delegate Access to BitLocker Recovery Keys in Active Directory
The MBAM BitLocker Recovery Keys tool allows you to request new MBAM recovery keys.
To run the tool:
1. In your Configuration Manager console, right-click on a device.
2. Click Right Click Tools > Security Tools > MBAM BitLocker Recovery Keys.
3. In the MBAM Recovery Key Request window, select the reason for requesting MBAM recovery keys.
Reasons include:
- Operating System Boot Order changed
- BIOS changed
- Operating System files modified
- Lost Startup Key
- Lost PIN
- TPM Reset
- Lost Passphrase
- Lost Smartcard
- Other
4. Click Request Key(s).
TIP: You can copy a recovery key by right-clicking on an entry and choosing Copy Key to Clipboard.