top | item 46738285

(no title)

pnw | 1 month ago

You can turn it off without resorting to a local account, although it's non-obvious.

GPEdit -> Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives → “Choose how BitLocker-protected operating system drives can be recovered”

Repeat for other drives.

discuss

g-b-r|1 month ago

I imagine you have to re-encrypt the drive after that, though, for it to have some real effect

smileybarry|1 month ago

No, you can just revoke and regenerate the recovery key with `manage-bde`.

vel0city|1 month ago

No, the actual data encryption key doesn't need to change unless you're very paranoid. The backup key and your normal key is just to decrypt the data encryption key.