General Question about BitLocker and Certificate Services - Does it require SmartCard usage?
Planning on implementing BitLocker in my Win7/Server 2008 AD and storing the encryption key on the TPM chip and backing up to AD. Also we are planning on implementing Certificate Services. We are NOT, however, planning on using Smart Cards. It is unclear from reading MS documentation if that is even possible, and if it is, does it give me any advantage to use Certificate Services with no Smart Cards? Everything I read about CA and BitLocker and Data Recovery Agents talks about Smart Cards. Can anyone explain how this scenario would work without them? Thanks! Matt Frac
December 22nd, 2010 5:16pm

No, that is not helpful at all. Did you even read my question? Matt Frac
December 24th, 2010 11:25am

Matt, you can use a file-based certificate as a protector to unlock devices. You require a CA in place and then you can use a cert as a DRA to unlock the device. Smart Card is an additional protector which can also be used if you wish. But you still have an option to use either a smart card as a DRA or a file-based cert or both. See the blog below, which might help you: http://blogs.technet.com/b/askcore/archive/2010/10/11/how-to-use-bitlocker-data-recovery-agent-to-unlock-bitlocker-protected-drives.aspx I hope this helps. Manoj Sehgal
December 24th, 2010 11:53am

Thanks Manoj, that does clear things up a lot! Matt Frac
December 25th, 2010 11:40am
