Bitlocker/TPM - Active Directory Question

Hello,

I was just looking for some information regarding BitLocker/TPM info in AD.

We're currently running a Windows 2008 R2 domain, and we're thinking about enabling BitLocker on our new Windows 8.1 boxes. I was just wondering: if we back up only the BitLocker recovery keys into AD and not the TPM info, does this cause any issues?

Update:

I've done some testing: I enabled BitLocker on a hard drive and put it into another computer; I input the BitLocker recovery password and am able to boot up. Then I put it back in the original computer and it boots normally. So I'm wondering about the importance of the TPM in terms of needing to back it up.


Thanks for any clarification you can provide.


  • Edited by hmh_it Friday, March 21, 2014 4:20 PM
March 21st, 2014 1:22pm

Hi,

Backing up the TPM owner information for a computer allows administrators in a domain to remotely configure the TPM security hardware on the local computer. For example, administrators might want to reset the TPM to the manufacturer's defaults when they decommission or repurpose computers, without having to be present at the computer.

You can use AD DS to store TPM owner information for use in recovery situations where the TPM owner has forgotten the password or where you must take control of the TPM.

If you do not need the functions above, it will work as well.

March 24th, 2014 5:14am
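The setup the question describes (recovery password backed up to AD DS, TPM owner information not backed up) and the reply's point about what TPM owner backup is actually for, as an added worked example; this is not code from the original thread. It assumes an elevated PowerShell session on a domain-joined Windows 8.1 client whose OS volume is C:, with the RSAT ActiveDirectory module installed for the directory checks at the end; the mount point and the attribute lookups are illustrative. It also shows why the drive-swap test in the question behaves the way it does: the TPM protector and the recovery password protector are two independent key protectors on the volume. The recovery password unlocks the drive in any machine, the TPM protector only works with the TPM it was created on, and the TPM owner information is about administering (clearing or resetting) that TPM, not about unlocking the volume.

```powershell
# Added example, not code from the original thread. Assumptions: elevated PowerShell on a
# domain-joined Windows 8.1 client, OS volume is C:, RSAT ActiveDirectory module installed.

$MountPoint = 'C:'   # assumed OS volume

# --- 1. The TPM must be present and ready before a TPM protector can be created --------
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is absent or not ready; a TPM protector cannot be created on this machine.'
}

# --- 2. Turn BitLocker on with the TPM as the boot-time protector ----------------------
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    # -SkipHardwareTest skips the reboot-based TPM test; -UsedSpaceOnly is fine for new boxes.
    Enable-BitLocker -MountPoint $MountPoint -TpmProtector -UsedSpaceOnly -SkipHardwareTest | Out-Null
}

# --- 3. Add a recovery password so the drive is never protected by the TPM alone -------
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($recovery.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

# --- 4. Back up ONLY the recovery password protector(s) to AD DS -----------------------
# Each call writes an msFVE-RecoveryInformation child object under the computer account
# (schema present since Windows Server 2008). The TPM protector is never written anywhere:
# it is sealed to this machine's TPM and is useless on another board, which is why the
# moved drive in the question had to be unlocked with the recovery password.
foreach ($p in $recovery) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# --- 5. Show the two protector types side by side --------------------------------------
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId | Format-Table -AutoSize

# --- 6. Verify in the directory --------------------------------------------------------
Import-Module ActiveDirectory
$computer = Get-ADComputer -Identity $env:COMPUTERNAME

# Recovery passwords: one object per recovery protector, named by creation time and GUID.
Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
    -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
    -Properties msFVE-RecoveryPassword, whenCreated |
    Select-Object Name, whenCreated, msFVE-RecoveryPassword | Format-Table -AutoSize

# TPM owner information is separate from the recovery data. Pre-Windows 8 clients wrote it
# into the computer object's msTPM-OwnerInformation attribute; Windows 8/8.1 clients write a
# linked TPM device object referenced by msTPM-TpmInformationForComputer (Server 2012 schema).
# Neither is written unless the "Turn on TPM backup to Active Directory Domain Services"
# policy is enabled, so an empty result is the expected state for the setup in the question.
# (-Properties * is used so a missing attribute in the schema does not raise an error.)
$obj = Get-ADObject -Identity $computer.DistinguishedName -Properties *
if ($obj.'msTPM-OwnerInformation' -or $obj.'msTPM-TpmInformationForComputer') {
    'TPM owner information IS backed up: the TPM can be cleared/reset remotely.'
} else {
    'TPM owner information is NOT backed up: clearing the TPM needs the owner password or someone at the machine.'
}
```

`manage-bde -protectors -get C:` and `manage-bde -protectors -adbackup C: -id {GUID}` are the command-line equivalents of steps 5 and 4. The recovery-password half works against a Windows Server 2008 R2 schema as-is; the TPM half is controlled by Computer Configuration > Administrative Templates > System > Trusted Platform Module Services > Turn on TPM backup to Active Directory Domain Services, and for Windows 8.1 clients it additionally needs the Windows Server 2012 TPM schema extension before anything is written.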
