'Choose default folder for recovery password (DefaultRecoveryFolderPath)' This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, you can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify either a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker setup wizard will display the computer's top-level folder view. If you disable or do not configure this policy setting, the BitLocker setup wizard will display the computer's top-level folder view when the user chooses the option to save the recovery password in a folder. Note: This policy setting does not prevent the user from saving the recovery password in another folder. Counter Measure: This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting will not force users to store their recovery password in a specific folder, but it can provide guidance to users on where to best store recovery passwords. Potential Impact: None [default recovery folder path] (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose default folder for recovery password (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\DefaultRecoveryFolderPath oval:org.secpod.oval:def:35024 SCAP Repo OVAL Definition 2016-06-10