Choosing how to unlock this drive option in Bitlocker
We've deployed Windows 7 to a handful of notebooks using the Microsoft Deployment Toolkit. During the deployment we utilized the "Enable BitLocker" step in our Task Sequence. We chose to encrypt the OS drive using TPM only. We also chose to create the recovery key in Active Directory. This worked like a charm for us and the keys were successfully stored in Active Directory.

When we fire up one of the notebooks and choose to turn on BitLocker on, say, a D: drive, we're presented with a "Choose how you want to unlock this drive" option: either use a password, a smart card, or "Automatically unlock this drive on this computer". Why wasn't this an option when we were deploying BitLocker? The next dialog asks us how to store the recovery key. There's no option to choose Active Directory. Is that because we've already encrypted our OS drive and saved the key to Active Directory?

Thanks in advance for any help with my questions.

Orange County District Attorney
February 1st, 2012 4:10pm

Hi,

Regarding the encryption methods of BitLocker, you could deploy the BitLocker policies via Group Policy.

http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://windows.microsoft.com/en-US/windows7/What-Group-Policy-settings-are-used-with-BitLocker

Regarding your second question, recovery information (such as recovery passwords) will be automatically backed up to Active Directory whenever this information is created and changed if the "Store Bitlocker information in Active Directory policy" is deployed.

Juke Chou
TechNet Community Support
February 2nd, 2012 4:40am

Hi,

Any update?

Juke Chou
TechNet Community Support
February 6th, 2012 4:43am

Hi,

As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as Answered as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

BTW, we'd love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

Juke Chou
TechNet Community Support
February 9th, 2012 5:08am

Hello Juke,

For some reason I don't get alerts when there are posts in some forums; I apologize for this. I've got the Group Policy set correctly for our BitLocker-enabled systems. There doesn't seem to be a way, however, to encrypt a drive from the GUI and avoid the "Choose a way to unlock this drive" dialogue. The systems are configured via Group Policy to save their keys in AD, and that's enough for us.

We did find a way to avoid these dialogues by just running manage-bde.exe. This allows us the flexibility to just encrypt the drive and let the keys get saved in AD.

Orange County District Attorney
February 9th, 2012 10:15am
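A scripted form of the manage-bde.exe approach described in the post above, as an added example that is not the poster's own script. It assumes an elevated PowerShell prompt, an OS volume already protected by BitLocker (required for auto-unlock), and `D:` as the data volume; the `Get-RecoveryPasswordId` helper is hypothetical.

```powershell
# Added example: encrypt a fixed data volume without the GUI unlock/recovery dialogs.
# Assumptions: elevated prompt, BitLocker-protected OS volume, D: is the data volume.
$Drive = 'D:'   # assumed drive letter

function Get-RecoveryPasswordId {
    # Hypothetical helper: pulls the first protector GUID out of manage-bde output,
    # which lists each key protector with a line of the form "ID: {GUID}".
    param([string[]]$ManageBdeOutput)
    foreach ($line in $ManageBdeOutput) {
        if ($line -match 'ID:\s*(\{[0-9A-Fa-f-]{36}\})') { return $Matches[1] }
    }
    return $null
}

function Invoke-ManageBde {
    # Runs manage-bde and stops the script on a non-zero exit code.
    param([string[]]$Arguments, [switch]$Quiet)
    $output = & manage-bde.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "manage-bde $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
    if (-not $Quiet) { $output }
}

# 1. Turn BitLocker on with a numerical recovery password as the key protector.
#    -Quiet keeps the 48-digit recovery password out of the console and any transcript.
Invoke-ManageBde -Arguments '-on', $Drive, '-RecoveryPassword' -Quiet

# 2. Equivalent of "Automatically unlock this drive on this computer".
Invoke-ManageBde -Arguments '-autounlock', '-enable', $Drive -Quiet

# 3. Find the recovery password protector's ID (the GUID only, not the password).
$protectors = Invoke-ManageBde -Arguments '-protectors', '-get', $Drive, '-Type', 'RecoveryPassword'
$protectorId = Get-RecoveryPasswordId -ManageBdeOutput $protectors
if (-not $protectorId) { throw "No recovery password protector found on $Drive" }

# 4. Explicitly back the protector up to AD. Group Policy may already have done this
#    when the protector was created; a failure here means escrow is not working.
Invoke-ManageBde -Arguments '-protectors', '-adbackup', $Drive, '-id', $protectorId

# 5. Report conversion and protection status.
Invoke-ManageBde -Arguments '-status', $Drive
```

Confirm the escrow afterwards by checking that the protector ID reported in step 3 appears under the computer object's BitLocker recovery information in Active Directory.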

This topic is archived. No further replies will be accepted.
