BitLocker on Selected External HDDs using a Domain-based recovery key.
Yes, we can back up recovery information of drives when we start encryption in AD DS. I am assuming Windows 7 as the Operating System.

You need to enable a GPO to back up recovery information if you are using BitLocker.

How to configure GPO for BitLocker: http://blogs.technet.com/b/askcore/archive/2010/02/16/cannot-save-recovery-information-for-bitlocker-in-windows-7.aspx

Now, once the drive is BitLocker-protected by a password, you can enable the auto-unlock feature only on a machine which has the OS drive also encrypted.

To unlock a drive on any computer, we require either the password or the 48-digit recovery password which is backed up in AD DS. Recovery passwords are unique to a volume. So if you encrypt 10 HDDs, you will have 10 different 48-digit recovery pwd backed up in AD.

Manoj Sehgal
August 24th, 2012 1:04pm

Hi,

We are looking into deploying BitLocker in our organisation, but want to encrypt ONLY selected external HDDs for backup purposes.

Ideally we would like to have a domain-based recovery and authentication key that we push out via a GPO, but then have users be able to connect a pre-encrypted BitLocker drive and have it run without needing to enter a password. That way our IT team can encrypt the drives before handing them out to users, without having to manage separate recovery keys and passwords for each drive, and be able to read them on any PC that is a member of the domain.

Is this at all possible with BitLocker?

Thanks.
James
August 24th, 2012 9:13pm

August 25th, 2012 12:38pm
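The provisioning flow the reply describes (password protector, per-volume 48-digit recovery password, backup to AD DS), as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt on a domain-joined machine, the external drive mounted as `E:` (a hypothetical letter), and the AD DS backup GPO already applied.

```powershell
# Added example: encrypt one external data drive and escrow its recovery password in AD DS.
# Assumptions: elevated prompt, domain-joined PC, drive letter E: is a placeholder.
param(
    [string]$Drive = 'E:',
    [switch]$AutoUnlock   # only works on a PC whose OS drive is itself BitLocker-encrypted
)

function Assert-Success([string]$Step) {
    # manage-bde.exe signals failure through its exit code.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed with exit code $LASTEXITCODE" }
}

# 1. Turn on BitLocker with a password protector plus a numerical (48-digit) recovery
#    password. Output is not captured so the interactive password prompt stays visible.
& manage-bde.exe -on $Drive -Password -RecoveryPassword
Assert-Success 'Enable BitLocker'

# 2. Collect the GUID of every recovery password protector on this volume.
#    Matching on the GUID shape avoids depending on localized label text.
$listing = & manage-bde.exe -protectors -get $Drive -Type RecoveryPassword
Assert-Success 'List protectors'
$ids = @($listing | Select-String -Pattern '\{[0-9A-Fa-f-]{36}\}' |
         ForEach-Object { $_.Matches[0].Value })
if ($ids.Count -eq 0) { throw "No recovery password protector found on $Drive" }

# 3. Explicitly back up each recovery password to AD DS. A failure here means the
#    drive must not be handed out yet: its recovery password exists only on screen.
foreach ($id in $ids) {
    & manage-bde.exe -protectors -adbackup $Drive -id $id
    Assert-Success "AD DS backup of protector $id"
}

# 4. Optionally let this one machine unlock the drive without a password prompt.
if ($AutoUnlock) {
    & manage-bde.exe -autounlock -enable $Drive
    Assert-Success 'Enable auto-unlock'
}

Write-Output "Recovery password for $Drive escrowed in AD DS ($($ids.Count) protector(s))."
```

Auto-unlock is stored per machine, so step 4 has to be repeated on each PC where the drive should open without a prompt.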

This topic is archived. No further replies will be accepted.
