Hi all, I built an environment, based on a Windows Server 2008 AD, that includes a BDE RA based on a certificate enrolled through an EFS Recovery template. I successfully encrypted a data partition and, by using manage-bde script, I can easily unlock the encrypted partition through RA certificates. This is obviously done with a "running and already booted" operating system. I also successfully encrypted an OS partition (i.e. disk C) and if I use manage-bde with the parameters -status and -protectors -get I can see that the recovery agent is perfectly included. The question is: how can I use RA certificates to unlock an OS partition? In fact, in such a situation, the OS is not obviously booted and the "standard" screen only asks me to type the recovery password. I also tried to use manage-bde.exe included in a WinRE boot image but it doesn't work. Any suggestions? Thanks a lot for any help :) :)

After checking the issue, it seems this is a general Windows Server and Bitlocker related issue. As this forum focuses on Windows 7 specific issues, this inquiry would best be posted to windows Server forum: http://social.technet.microsoft.com/Forums/en/winserversecurity/threads The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.Sean Zhu - MSFT