BitLocker, AD Recovery key question
Hello all,

Windows Server 2008 R2 domain, clients = Windows 7 Enterprise. I have enabled BitLocker with the GPO to store the recovery key in AD. During the BitLocker wizard (Turn on BitLocker) on the computer, there is an option "How do you want to store the recovery key?". I selected "Save the recovery key to a file", and it opened the share I had created on the DC. I was able to save the recovery key to that location.

My question is: we're planning to roll out BitLocker to at least 30 more computers. How would you know which recovery key is associated with which computer?
February 28th, 2011 1:10pm

You can use PowerShell to locate the GUID of the partition that is encrypted with BitLocker. Use the command `manage-bde -status` from an administrative PowerShell session. Start here for the BitLocker TechNet documentation: http://technet.microsoft.com/en-us/library/cc731549(WS.10).aspx. You will want to learn how to use the manage-bde command from PowerShell to administer BitLocker.

Since you've enabled the GPO to back up the BitLocker recovery key to AD, you will need to install the BitLocker Password Viewer from the RSAT (Remote Server Administration Toolkit) for Windows 7. This will enable the BitLocker Recovery Password tab in the Active Directory Users and Computers MMC console.

When you save the BitLocker key to a text file on the DC as you mention above, each recovery key text file will have the workstation name and the GUID of the partition that is encrypted; all you have to do is match the GUID to know which computer you are working with.

You will want to double-check the computer objects when you do the BitLocker encryption to confirm that the passwords are backing up. You can ensure this by setting the GPO to force backup to AD for any computer that you run BitLocker on; that way, if the workstation cannot communicate with AD, it cannot do the initial encryption.

Hope this helps.

John

John Wildes | Senior Enterprise Architect | United Airlines | Desktop Engineering
February 28th, 2011 3:24pm
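The "double-check that the passwords are backing up" step above can be scripted. The following is an added example, not code from the thread or from Microsoft: it lists every computer under an OU together with the BitLocker recovery password IDs stored beneath its computer object in AD, so machines whose backup never happened stand out with no IDs. It assumes the RSAT ActiveDirectory PowerShell module is installed and uses a placeholder OU distinguished name.

```powershell
# Added example, not from the thread. Reports, per computer object, the
# BitLocker recovery password IDs that were backed up to Active Directory.
# Assumes the RSAT ActiveDirectory module; the OU below is a placeholder.
Import-Module ActiveDirectory

function Get-BitLockerBackupReport {
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase   # OU distinguished name
    )

    # Each recovery password is stored in an msFVE-RecoveryInformation object
    # directly beneath the computer object it belongs to. Its name has the
    # form "<timestamp>{<password id>}"; the braced GUID is the Password ID
    # that "manage-bde -protectors -get C:" prints on the workstation itself.
    $recovery = Get-ADObject -SearchBase $SearchBase -SearchScope Subtree `
        -Filter { objectClass -eq 'msFVE-RecoveryInformation' }

    $idsByComputer = @{}
    foreach ($r in $recovery) {
        # Parent (computer) DN is everything after the first comma of the child DN.
        $computerDn = ($r.DistinguishedName -split ',', 2)[1]
        $id = [regex]::Match($r.Name, '\{([0-9A-Fa-f-]+)\}').Groups[1].Value
        if (-not $idsByComputer.ContainsKey($computerDn)) {
            $idsByComputer[$computerDn] = @()
        }
        $idsByComputer[$computerDn] += $id
    }

    # Walk the computers in the OU so machines with zero backups are listed too.
    Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree -Filter * |
        ForEach-Object {
            $ids = $idsByComputer[$_.DistinguishedName]
            if ($null -eq $ids) { $ids = @() }
            New-Object PSObject -Property @{
                ComputerName        = $_.Name
                BackedUp            = ($ids.Count -gt 0)
                RecoveryPasswordIds = ($ids -join '; ')
            }
        }
}

# Placeholder OU: replace with the OU that holds your BitLocker workstations.
Get-BitLockerBackupReport -SearchBase 'OU=Workstations,DC=example,DC=com' |
    Sort-Object BackedUp, ComputerName |
    Format-Table ComputerName, BackedUp, RecoveryPasswordIds -AutoSize
```

Reading these objects needs the same AD permissions the Recovery Password tab requires, and the report deliberately does not pull the msFVE-RecoveryPassword attribute itself, only the IDs needed to match a computer to its entry.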

Fantastic. Thank you so much!
February 28th, 2011 3:29pm

I want to ask you something. What if I have set "How BitLocker-protected fixed drives can be recovered", the BitLocker Password Viewer, and the drive encryption tools? I can see the BitLocker Recovery tab, but there is no information for any computer that I have in the AD OU. Any idea?
June 8th, 2012 1:00pm
