Store BitLocker key in AD


Hello,

I'm the admin of an office OU, which means I have delegation rights on the OU, but I'm not a domain admin.

I configured the BitLocker GP so that it should store the key in AD in the computer object within the OU, and I set the GP so that if the computer cannot store the key it should continue encryption. The encrypted computer (Win7 64-bit) shows no error in the event log after encryption.

Does that mean the computer was able to store the key in the DS? I mean, is there an entry in the event log?

I guess that with no domain admin rights I cannot recover the BitLocker key with the BitLocker Password Recovery Tool.

Thanks,

Edy


Edy Switzerland

Hi,

Q: Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?

A: Yes, an event log entry that indicates the success or failure of an Active Directory backup is recorded on the client computer. However, even if an event log entry says "Success," the information could have been subsequently removed from AD DS, or BitLocker could have been reconfigured in such a way that the Active Directory information can no longer unlock the drive (such as by removing the recovery password key protector). In addition, it is also possible that the log entry could be spoofed.

Ultimately, determining whether a legitimate backup exists in AD DS requires querying AD DS with domain administrator credentials by using the BitLocker password viewer tool.

I suggest you follow the articles below to store BitLocker keys in AD DS:

How to backup recovery information in AD after BitLocker is turned on in Windows 7

http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

Backing up BitLocker and TPM recovery information to AD DS

http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx

Requirements to save BitLocker recovery key to AD using MDT

http://blogs.technet.com/b/askcore/archive/2012/05/16/requirements-to-save-bitlocker-recovery-key-to-ad-using-mdt.aspx

Regards,

Yan Li

TechNet Subscriber Support

If you are a TechNet Subscription user and have feedback on our support quality, please send your feedback here.


Cataleya Li
TechNet Community Support
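
Added example, not part of the original posts: a PowerShell check that compares the recovery password protector IDs currently on the client with the msFVE-RecoveryInformation objects stored under its computer object, which covers the cases the answer describes where a "Success" event no longer matches what is in AD DS. It assumes an elevated prompt on the client, the ActiveDirectory module (RSAT), and an account that can read the computer's child objects; an empty AD result can also mean that this read access is missing. The function names are hypothetical.

```powershell
# Added example: compares local BitLocker recovery protectors with AD DS.
# Assumptions: elevated prompt, ActiveDirectory module (RSAT) installed,
# and read access to the child objects of the computer account.
Import-Module ActiveDirectory

# Protector IDs are GUIDs in braces, both in manage-bde output and in AD names.
$guidPattern = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

function Get-LocalRecoveryProtectorId {
    param([string]$MountPoint = 'C:')
    # Matching on the GUID keeps this independent of the display language.
    $output = & manage-bde.exe -protectors -get $MountPoint -Type RecoveryPassword
    $output | Select-String -Pattern $guidPattern -AllMatches |
        ForEach-Object { $_.Matches } | ForEach-Object { $_.Value.ToUpper() }
}

function Get-AdRecoveryProtectorId {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $computer = Get-ADComputer -Identity $ComputerName
    # Each backup is a child object named "<timestamp>{<protector ID>}".
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter { objectClass -eq 'msFVE-RecoveryInformation' } |
        ForEach-Object { if ($_.Name -match $guidPattern) { $Matches[0].ToUpper() } }
}

$local = @(Get-LocalRecoveryProtectorId)
$inAd  = @(Get-AdRecoveryProtectorId)

if ($local.Count -eq 0) {
    'No recovery password protector on this volume; nothing in AD DS can unlock it.'
}
foreach ($id in $local) {
    if ($inAd -contains $id) {
        "OK       $id has a recovery object in AD DS"
    } else {
        "MISSING  $id is not in AD DS; back it up with:"
        "         manage-bde -protectors -adbackup C: -id $id"
    }
}
foreach ($id in $inAd) {
    if ($local -notcontains $id) {
        "STALE    $id is in AD DS but is no longer a protector on this volume"
    }
}
```

The script only confirms that a matching recovery object exists; reading the recovery password itself requires rights to the msFVE-RecoveryPassword attribute.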


