Bitlocker GPO in Windows 2003
Hello, is there an administrative template that includes Bitlocker Windows 7 group policy settings for Windows 2003 SP2 domain GPOs? After updating the schema, I need to require that Windows 7 workstations store their Bitlocker keys in AD, via GPO. Thank you.
February 3rd, 2010 4:44am

What you have to do is to create a GPO via the Group Policy Management tools from a Windows 7 workstation, where you install Remote Server Administration Tools (RSAT). There is no way to manage Windows 7 specific settings in a GPO from a Windows Server 2003 server. Download and install RSAT from http://www.microsoft.com/Downloads/details.aspx?familyid=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en and then add the Windows feature "Group policy management" via "Turn Windows features on or off". Then create or edit a GPO to set the GPO settings for BitLocker in Windows 7.
February 3rd, 2010 11:48am

Thanks, that answers my question. On a similar topic, I read that although Windows 2008 contains the Bitlocker schema extensions by default, if you transition a domain from Windows 2003 to Windows 2008, it is still required to run the Bitlocker schema update scripts as a followup step. Is this also the case with Windows 2008 R2?
February 8th, 2010 9:53pm

> Thanks, that answers my question. On a similar topic, I read that although Windows 2008 contains the Bitlocker schema extensions by default, if you transition a domain from Windows 2003 to Windows 2008, it is still required to run the Bitlocker schema update scripts as a followup step. Is this also the case with Windows 2008 R2?

What you have to do when introducing a Windows Server 2008 or 2008 R2 into a domain currently holding Windows Server 2003 servers is to extend the schema in the present domain, which includes all the necessary changes for storing BitLocker information. Where did you hear about manual steps required even after extending the schema?
February 8th, 2010 10:14pm

Here's the segment from this page: http://technet.microsoft.com/en-us/library/dd875520%28WS.10%29.aspx

"If you are running Windows Server 2008, follow the same process described for Windows Server 2003 with SP1 or later, with one exception: you do not need to update the schema as described later in this document. However, you must still run the Add-TPMSelfWriteACE.vbs script in order to back up the TPM recovery password in a domain upgraded from Windows Server 2003 to Windows Server 2008."
February 9th, 2010 12:30am

This topic is archived. No further replies will be accepted.
