
So I have a bunch of old bitlocker keys stored with some computer accounts (the msFVE-RecoveryInformation attribute):


BitLocker has re-run multiple times, and every time it re-encrypts it generates and backs up a new recovery password, of course, so the "old" keys are no longer in use.

Is it safe to delete them or will that screw up something with the computer account?

red888
    By "old", you mean two days old? – Greg Askew Aug 25 '16 at 16:39
  • Ha sorry I'll change the wording. I mean expired, encryption has re-run on the box and it generated a new recovery password – red888 Aug 25 '16 at 16:44
  • Recovery Information for each encrypted volume on the computer is stored separately so make sure you're not deleting the Recovery Information for a different volume. – joeqwerty Aug 25 '16 at 18:27
  • That's a good point I hadn't considered that. But this is only the OS volume. – red888 Aug 25 '16 at 18:28

1 Answer


If you're certain you do not need the recovery keys (e.g. you re-imaged or otherwise re-keyed), then you may safely delete them from the computer object.

jscott
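An added example (not from the question or the answer) of how to establish that certainty before deleting: it compares every msFVE-RecoveryInformation object under the computer account with the recovery password protectors the host currently reports, per volume, so that recovery info for a second volume is not mistaken for a stale key. It assumes the RSAT ActiveDirectory module, WinRM access to the host, the BitLocker module on that host, and uses a placeholder computer name.

```powershell
# Added example: flag stale msFVE-RecoveryInformation objects by matching them against
# the recovery password protectors the host reports right now. Dry run by default.
$ComputerName = 'WS-PLACEHOLDER'   # assumption: replace with the real computer name

$computer = Get-ADComputer -Identity $ComputerName

# Recovery protector IDs still in use on the host, fetched live for every volume, so that
# recovery info belonging to a different volume (raised in the comments) is never flagged.
$live = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    Get-BitLockerVolume | ForEach-Object {
        $vol = $_
        $vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' |
            ForEach-Object { [pscustomobject]@{ Mount = $vol.MountPoint; Id = $_.KeyProtectorId } }
    }
}
$liveIds = @($live.Id | ForEach-Object { $_.Trim('{}').ToUpperInvariant() })

# Guard: if the host reported no recovery protectors, every stored object would look stale.
if ($liveIds.Count -eq 0) { throw "No live recovery password protectors reported by $ComputerName; refusing to continue." }

# Every recovery-information object stored directly under the computer object in AD.
$stored = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
    -Properties 'msFVE-RecoveryGuid', 'msFVE-VolumeGuid', whenCreated

$report = foreach ($obj in $stored) {
    # msFVE-RecoveryGuid is stored as an octet string; it is the same GUID manage-bde shows as the protector ID.
    $recGuid = ([guid]::new([byte[]]$obj.'msFVE-RecoveryGuid')).ToString().ToUpperInvariant()
    [pscustomobject]@{
        Created      = $obj.whenCreated
        RecoveryGuid = $recGuid
        VolumeGuid   = [guid]::new([byte[]]$obj.'msFVE-VolumeGuid')
        InUse        = $liveIds -contains $recGuid
        DN           = $obj.DistinguishedName
    }
}
$report | Sort-Object Created | Format-Table Created, VolumeGuid, RecoveryGuid, InUse -AutoSize

# Only objects whose GUID matches no live protector are stale. -WhatIf keeps this a dry run;
# remove it only after the list has been reviewed (and exported, if retention policy requires).
$report | Where-Object { -not $_.InUse } |
    ForEach-Object { Remove-ADObject -Identity $_.DN -Confirm:$false -WhatIf }
```

A re-imaged or re-keyed machine reports none of its old protector IDs, so in that case every stored object is flagged, which is exactly the situation the answer describes as safe to clean up.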