If you have used the BitLocker Drive Encryption feature on your Windows system, you might have noticed that the Desktop is the default location when you save the BitLocker Recovery Key. For some systems that are part of a domain, the default location for saving the BitLocker Recovery Key is a top-level folder and easily viewable. You may want to change this built-in setting, because not every user will want to save the recovery key on the Desktop, where other users could find it and use it to decrypt the drives and obtain the data on them.
Choose default folder for saving BitLocker Recovery Key password
If you work with the BitLocker feature frequently, then for security reasons you should choose a different default location for saving the Recovery Key, one that others will not be able to guess. This saves you the time of moving the key each time and improves your security too. Here are two ways to do this:
1] Using Group Policy
1. In Windows 7 or later, Pro and Enterprise editions, press the Windows Key + R combination, type gpedit.msc in the Run dialog box and press Enter to open the Local Group Policy Editor.
2. In the left pane, navigate here:
3. In the right pane, look for the setting named Choose default folder for recovery password, which shows the Not Configured status by default. Double-click this policy. Next, click Enabled, then provide your custom location in the Configure the default folder path section. You can also use system variables, for example %USERPROFILE%\Documents. Click Apply followed by OK.
You may now close the Group Policy Editor and try saving a recovery key for BitLocker at your customized location.
2] Using Registry Editor
1. Press the Windows Key + R combination, type regedit in the Run dialog box and press Enter to open the Registry Editor.
2. Navigate here:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
3. In the right pane of the Registry Editor window, right-click and select New > Expandable String Value.
Name this newly created registry string (REG_EXPAND_SZ) DefaultRecoveryFolderPath. Double-click it to open the Edit String box.
4. In the Edit String box that appears, enter as Value data the custom location where you would like to save your recovery key by default.
Again, you can use system variables here, such as %systemroot%\MyCustomFolder. Click OK after making your choice.
You may now close Registry Editor and observe the changes with BitLocker Drive Encryption.
Once you have done this, you will have changed the default folder location for saving the BitLocker Recovery Key in Windows 11/10/8/7.
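The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it writes DefaultRecoveryFolderPath as REG_EXPAND_SZ, reads it back, and then checks whether broad groups can read the chosen folder, which is the exposure the article is trying to avoid. It assumes an elevated session, uses the article's sample path, and expands the variable in the context of the account running the script.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Key and value name are the
# ones given in the steps above; the folder is the article's sample location.
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$name  = 'DefaultRecoveryFolderPath'
$value = '%USERPROFILE%\Documents'   # single quotes keep the variable unexpanded

# Create the policy key if it is absent, then write the value as REG_EXPAND_SZ.
if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name $name -Value $value `
    -PropertyType ExpandString -Force | Out-Null

# Read the raw data back and confirm both the type and the stored string.
$regKey = Get-Item -Path $key
$raw    = $regKey.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
$kind   = $regKey.GetValueKind($name)
if ($kind -ne 'ExpandString' -or $raw -ne $value) {
    throw "Unexpected value: kind=$kind data=$raw"
}
Write-Output "Stored $name = $raw ($kind)"

# Expand the variable for the account running this script (an assumption:
# other users will resolve %USERPROFILE% to their own profile).
$folder = [Environment]::ExpandEnvironmentVariables($raw)
if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
    Write-Warning "Folder does not exist yet: $folder"
    return
}

# Well-known SIDs of groups that cover most or all local accounts.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$read    = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$sidType = [System.Security.Principal.SecurityIdentifier]

# Flag Allow entries (explicit or inherited) that let those groups read the folder.
$rules = (Get-Acl -LiteralPath $folder).GetAccessRules($true, $true, $sidType)
$findings = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad.ContainsKey($_.IdentityReference.Value) -and
    (([int]$_.FileSystemRights -band $read) -ne 0)
})
foreach ($f in $findings) {
    Write-Warning ("{0} can read {1}" -f $broad[$f.IdentityReference.Value], $folder)
}
if ($findings.Count -eq 0) { Write-Output "No broad read access found on $folder" }
```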
Where is BitLocker recovery key stored by default?
For removable data drives, the BitLocker recovery password and recovery key are saved to your Microsoft Account. You can also print them. But by default, you cannot store a recovery key for a removable drive on a removable drive.
Unable to change default location for BitLocker recovery password?
If you are unable to change the default location for the BitLocker recovery password in Windows 11/10, you need to check your Group Policy or Registry settings as mentioned in this post. If you do not have the rights, you could ask your system administrator.