Rotate BitLocker Recovery Password for Drives

The Rotate BitLocker Recovery Password remote action allows IT administrators to securely refresh the BitLocker recovery keys for managed Windows devices, ensuring that old or compromised passwords are invalidated and replaced with new credentials.

What is BitLocker Password Rotation?

BitLocker password rotation is a security maintenance process where the existing recovery password for an encrypted drive is replaced with a new one.

  • Purpose: Prevents unauthorized access using old recovery keys and maintains security hygiene.
  • Hexnode Function: Enables admins to execute this rotation remotely for either all drives or specific partitions directly from the console.

Prerequisites

Prerequisite | Description
BitLocker Policy | A BitLocker encryption policy must be successfully deployed and active on the device before executing this action.

Step-by-Step Guide: Executing BitLocker Password Rotation

Administrators can initiate the rotation for a specific device through the Hexnode UEM console.

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Manage tab.
  3. Select the target device to open its details page.
  4. Click the Actions drop-down menu.
  5. Navigate to Security and select Rotate BitLocker Recovery Password.
  6. Choose one of the following rotation configurations:
    Option | Description | Input Format
    Rotate recovery password for all drives | Updates the recovery password for every BitLocker-encrypted drive on the device. | Checkbox
    Rotate recovery password for specific drives | Updates the recovery password only for the designated partitions. | Specify drive names (e.g., C: or D:).
  7. Click Done (or the confirmation button) to execute the command.
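
To confirm on the device that the old recovery password was replaced on each targeted drive, the following added example (not Hexnode code) compares recovery password protector IDs before and after the action. It assumes that rotation replaces the RecoveryPassword protector so its KeyProtectorId changes; the function names and the baseline file path are hypothetical.

```powershell
# Added example (not Hexnode code). Run elevated on the managed Windows device,
# once before and once after the rotation action.
# Assumption: rotation replaces the RecoveryPassword protector, so its KeyProtectorId changes.

function Get-RecoveryProtectorSnapshot {
    # Record only protector IDs per volume; the recovery password itself is never read out.
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint   = $_.MountPoint
            ProtectorIds = @($_.KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword' |
                ForEach-Object KeyProtectorId)
        }
    }
}

function Compare-RecoveryProtectorSnapshot {
    param($Before, $After)
    foreach ($vol in $After) {
        # IDs recorded for this drive before the rotation (empty if the drive was not seen)
        $old   = @(($Before | Where-Object MountPoint -eq $vol.MountPoint).ProtectorIds)
        $stale = @($vol.ProtectorIds | Where-Object { $_ -in $old })
        $new   = @($vol.ProtectorIds | Where-Object { $_ -notin $old })
        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            # Rotated only if a new protector exists and no pre-rotation protector remains
            Rotated           = ($new.Count -gt 0 -and $stale.Count -eq 0)
            StaleProtectorIds = $stale
            NewProtectorIds   = $new
        }
    }
}

$baseline = Join-Path $env:ProgramData 'bl-protector-baseline.json'   # hypothetical path
if (-not (Test-Path $baseline)) {
    # First run (before rotation): store the current protector IDs
    Get-RecoveryProtectorSnapshot | ConvertTo-Json -Depth 3 | Set-Content $baseline
} else {
    # Second run (after rotation): report per drive whether the protector changed
    $before = Get-Content $baseline -Raw | ConvertFrom-Json
    Compare-RecoveryProtectorSnapshot -Before $before -After (Get-RecoveryProtectorSnapshot)
}
```

When only specific drives were selected, the other drives are expected to report Rotated as False; a targeted drive that still lists a StaleProtectorIds entry retains a pre-rotation recovery password.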

Frequently Asked Questions (FAQ)

Is password rotation possible for a specific drive, such as the D: drive?

Yes. The option Rotate recovery password for specific drives allows for the manual entry of a specific drive letter (e.g., D:) to target that volume exclusively.

Can the volume be set to 0 (Mute)?

Yes. Entering a value of 0 in the volume level field will effectively mute the device.

Where is the new BitLocker recovery password located after rotation?

The updated password appears in the Drive sub-tab on the device summary page within the Hexnode portal.

Does this action function if BitLocker is disabled?

No. A BitLocker encryption policy must be deployed and active on the device for the rotation action to execute successfully.