Questions regarding Bitlocker
Hello everyone, we are planning to implement BitLocker in our environment and I am trying to understand how BitLocker works. These would really help me to get going with our plan and deployment. Please help. Thanks in advance.

1. Turn on TPM Backup to AD -> This backs up the hash of the TPM owner password to AD. Question is: under what scenarios will we need to use this TPM owner password?
2. After BitLocker encryption, let's say the OS gets corrupted on the client, like a BSOD or any kind of startup error. Will we have any issues repairing the OS using the Win7 boot DVD? Will reinstalling the OS be possible after the drive is encrypted?
3. What is the best way of automating BitLocker deployment? GPOs or MDT or any other better way?
4. After encryption on the client, let's say the motherboard having the TPM chip is corrupted and a new motherboard is installed. What screen will come up on the user's laptop? Will it be the BitLocker recovery password screen?
March 9th, 2011 6:15pm

Hi, I'd like to answer your questions as follows:

1. The Trusted Platform Module (TPM) owner password defines who the owner of the TPM is; it can be used to 'reset the TPM'. You can refer to the following article for detailed information: http://technet.microsoft.com/en-us/library/cc732542.aspx

2. I consider you can use the following method to unlock the drive.

   Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?

   Yes, if the drive is a data drive, you can unlock it from the BitLocker Drive Encryption Control Panel item just as you would any other data drive by using a password or smart card. If the data drive was configured for automatic unlock only, you will have to unlock it by using the recovery key. If it is an operating system drive mounted on another computer running Windows 7, the encrypted hard disk can be unlocked by a data recovery agent if one was configured or it can be unlocked by using the recovery key.

3. Yes, you can automate the deployment and configuration of BitLocker with scripts that use the Windows Management Instrumentation (WMI) providers for BitLocker and TPM administration. How you choose to implement the scripts depends on your environment. You can also use the BitLocker command-line tool, Manage-bde.exe, to locally or remotely configure BitLocker. For additional information about writing scripts that use the BitLocker WMI providers, see the MSDN topic BitLocker Drive Encryption Provider (http://go.microsoft.com/fwlink/?LinkId=80600). Here is a document on how to deploy BitLocker: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=41ba0cf0-57d6-4c38-9743-b7f4ddbe25cd

4. Check the System recovery section in the following article: http://technet.microsoft.com/en-us/library/cc732774.aspx

In addition, I will share the following article with you.

BitLocker Drive Encryption in Windows 7: Frequently Asked Questions
http://technet.microsoft.com/en-us/library/ee449438(v=ws.10).aspx

Best Regards,
Niki
March 11th, 2011 8:03am
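
An added example for the scripted approach mentioned in answer 3 (not part of the original thread and not Microsoft's deployment script): a read-only PowerShell check that uses the TPM and BitLocker WMI providers to report, per volume, whether protection is on and whether a recovery password protector exists. The function name `Get-BitLockerReadiness` and the output property names are assumptions of this example.

```powershell
# Added example: read-only BitLocker readiness check via the TPM and
# BitLocker WMI providers. Run elevated. Get-WmiObject is used so the script
# also works with the PowerShell 2.0 that ships with Windows 7.
function Get-BitLockerReadiness {   # hypothetical name, this example's own
    param([string]$ComputerName = '.')

    # TPM provider: returns nothing when no TPM is present or visible to the OS.
    $tpm = Get-WmiObject -ComputerName $ComputerName `
        -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
        -Class Win32_Tpm -ErrorAction SilentlyContinue
    $tpmEnabled = $false; $tpmOwned = $false
    if ($tpm) {
        $tpmEnabled = [bool]$tpm.IsEnabled().IsEnabled
        $tpmOwned   = [bool]$tpm.IsOwned().IsOwned
    }

    # BitLocker provider: one Win32_EncryptableVolume instance per volume.
    $volumes = Get-WmiObject -ComputerName $ComputerName `
        -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -ErrorAction Stop

    foreach ($vol in $volumes) {
        $protection = $vol.GetProtectionStatus().ProtectionStatus  # 0 off, 1 on, 2 unknown
        $conversion = $vol.GetConversionStatus()
        # KeyProtectorType: 1 = TPM, 3 = numerical (recovery) password.
        $tpmIds = @($vol.GetKeyProtectors(1).VolumeKeyProtectorID | Where-Object { $_ })
        $recIds = @($vol.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })

        # NeedsAttention: protection is on but no recovery password exists, so
        # recovery after a TPM or motherboard change would depend on some other
        # protector (for example a data recovery agent or a recovery key file).
        New-Object PSObject -Property @{
            Computer            = $vol.__SERVER
            Drive               = $vol.DriveLetter
            TpmEnabled          = $tpmEnabled
            TpmOwned            = $tpmOwned
            ProtectionOn        = ($protection -eq 1)
            EncryptionPercent   = $conversion.EncryptionPercentage
            HasTpmProtector     = ($tpmIds.Count -gt 0)
            HasRecoveryPassword = ($recIds.Count -gt 0)
            NeedsAttention      = ($protection -eq 1 -and $recIds.Count -eq 0)
        }
    }
}

Get-BitLockerReadiness | Format-Table Drive, ProtectionOn, HasRecoveryPassword, NeedsAttention
```

Volumes flagged `NeedsAttention` are the ones to fix before relying on the recovery scenarios raised in questions 2 and 4.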

This topic is archived. No further replies will be accepted.
