Logs in Bitlocker?!
Hello, I've been trying to find out what kind of capabilities Bitlocker has when it comes to security logging. So far I can't find anything?! Isn't Bitlocker logging information about authentication in the pre-boot environment? Or when users change keys (PIN, USB, TPM)? If Bitlocker actually does logging, then here is a follow-up question: can log information be accessed centrally, let's say if you are using Windows Server 2008 on the server side? Else this is yet another weakness in Bitlocker. It just doesn't seem like Bitlocker is suitable for enterprise use (yet). Still, I've read a lot of material from Microsoft that claims that Bitlocker is up for it.
April 21st, 2009 3:57pm

Here are two excellent discussions about Bitlocker:
TechNet Radio - BitLocker: http://odeo.com/episodes/23908424-TechNet-Radio-BitLocker
BitLocker and BitLocker to Go: http://technet.microsoft.com/en-us/windows/dd408739.aspx?ITPID=secnews
Carey Frisch
April 22nd, 2009 6:20pm

Thanks for your answer, but unfortunately none of these presentations give any information about central access to Bitlocker-specific logs, which I was asking about.
April 23rd, 2009 3:18pm

You can find related information: Core Security
Hope it helps.
April 24th, 2009 11:06am

Thanks, but again it doesn't say anything about how logs are managed. I clarify my questions:
* Does Bitlocker log events in the pre-boot environment? (example: "auth ok", "bad login", "recovery performed", ...)
* Does Bitlocker log events on the client while it is in use? (example: "pin changed", "usb key created", "tpm changed owner", ...)
* IF any of the first two questions are true: can you access/manage these logs centrally? (example: if you have Bitlocker installed on 1000 clients with a central Windows 2008 server)
//mt
April 24th, 2009 11:27am

Thanks, but again it doesn't say anything about how logs are managed. I clarify my questions:
* Does Bitlocker log events in the pre-boot environment? (example: "auth ok", "bad login", "recovery performed", ...)
* Does Bitlocker log events on the client while it is in use? (example: "pin changed", "usb key created", "tpm changed owner", ...)
* IF any of the first two questions are true: can you access/manage these logs centrally? (example: if you have Bitlocker installed on 1000 clients with a central Windows 2008 server)
//mt
Hi MT
Since nobody seems to have any focused information for this specific question, here are some links to some of the available documentation for BitLocker.
Windows 7 BitLocker Executive Overview
BitLocker Drive Encryption Step-by-Step Guide
BitLocker Drive Encryption Operations Guide: Recovering Encrypted Volumes with AD DS
Download details: BitLocker Design and Deployment Guides
Windows 7: Technical Library
Hope this helps.
Thank You for testing Windows 7 Beta
Ronnie Vernon MVP
April 25th, 2009 2:11am

There are Bitlocker logs that you can access from the server if you open up Active Directory. You can right-click and choose to manage a computer. From there you want to go to WindowsLogs>ApplicationsAndServicesLogs>Microsoft>Windows>Bitlocker. Hope that helps.
July 13th, 2009 10:21pm
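
The last reply describes opening one computer's BitLocker event logs from a management console. As an added example (not part of the thread), the same logs can be collected from several clients with PowerShell's Get-WinEvent. The computer names and output path are placeholders, and it assumes the account running it is allowed to read event logs remotely on each client.

```powershell
# Added example: pull recent BitLocker events from a list of clients into one CSV.
# Assumptions: CLIENT01/CLIENT02 are placeholder names; remote event log access
# is permitted by firewall and permissions on each client.
$Computers = @('CLIENT01', 'CLIENT02')
$Since     = (Get-Date).AddDays(-7)

$results = foreach ($computer in $Computers) {
    try {
        # Discover BitLocker channels by wildcard rather than hard-coding names,
        # because the channel names differ between Windows versions.
        $logs = Get-WinEvent -ListLog '*BitLocker*' -ComputerName $computer -ErrorAction Stop |
            Where-Object { $_.RecordCount -gt 0 }
    }
    catch {
        Write-Warning "${computer}: cannot enumerate logs ($($_.Exception.Message))"
        continue
    }

    foreach ($log in $logs) {
        try {
            Get-WinEvent -ComputerName $computer -ErrorAction Stop -FilterHashtable @{
                LogName   = $log.LogName
                StartTime = $Since
            } | Select-Object @{ Name = 'Computer'; Expression = { $computer } },
                              TimeCreated, LogName, Id, LevelDisplayName, Message
        }
        catch {
            # Get-WinEvent reports an error when no event matches the filter;
            # note it and move on to the next channel.
            Write-Verbose "${computer} / $($log.LogName): $($_.Exception.Message)"
        }
    }
}

# One time-ordered file for review or import into a log management tool.
$results | Sort-Object TimeCreated |
    Export-Csv -Path .\bitlocker-events.csv -NoTypeInformation
```

Clients that are offline or refuse the connection show up as warnings, so the list of warnings doubles as a check on which machines were not covered.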

This topic is archived. No further replies will be accepted.
