Problems with TPM/Bitlocker Key saving to Active Directory
Hi, I set up a group policy to only allow BitLocker encryption when saving the key to Active Directory has been successful. Under Windows Vista it worked without problems. Now under Windows 7 I can't get it to work. I did set up the policies with the new ADMX files for Win7 and the policy works. But in the event log I see that the keys cannot be stored in AD and so BitLocker cannot be activated. Are there any prerequisites for a domain to store the keys in AD that were not needed for Vista? Thanks, Michael
March 11th, 2010 10:51am

I have the same issue as well. I set up group policy to escrow BitLocker/TPM keys. I set up two laptops, one being Vista and the other Windows 7. If I look at the object properties for the Vista laptop I see the recovery info in the BitLocker tab and I can also search for the keys on the DC. However, the Windows 7 laptop is encrypting but the recovery info tab is blank. I'm almost wondering if the keys are being stored in another location not documented.
March 11th, 2010 6:01pm

Never mind, I found there is another GP setting for Windows 7 in Computer Configuration - Admin Templates - System - BitLocker Drive Encryption - Fixed Data Drives, called "Choose how BitLocker-protected fixed drives can be recovered", from which you can set options including escrowing keys to AD. Dear MS, can we please have updated docs, because I'm looking at the most recent "Configuring Active Directory to Back up Windows BitLocker......" and it makes no mention of this setting. That would be nice.
March 11th, 2010 6:10pm
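The posts above describe the Windows 7 change by hand: the Vista-era "Turn on BitLocker backup to AD DS" setting is no longer enough, and the per-drive-type "Choose how BitLocker-protected ... drives can be recovered" settings have to be configured before recovery information is escrowed. The following PowerShell is an added example written for this thread, not code from any of the posters or from Microsoft. It checks which of those policy settings have actually reached the client (the registry value names under the FVE policy key are my assumption of the policy layout, not something the thread states), forces an AD backup of the numerical password protector with `manage-bde`, and then queries the computer object's child `msFVE-RecoveryInformation` objects via ADSI so you can confirm the key landed in AD rather than trusting the BitLocker tab. The drive letter `C:` is assumed.

```powershell
# Added example for this thread (not the posters' or Microsoft's code).
# Run from an elevated PowerShell prompt on the domain-joined Windows 7 client.
# Assumption: FVE policy values live under HKLM\SOFTWARE\Policies\Microsoft\FVE
# with the names listed below; the drive under test is C:.

$fvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$drive        = 'C:'

function Get-FvePolicyValue {
    param([string]$Name)
    try   { (Get-ItemProperty -Path $fvePolicyKey -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value absent => policy not delivered to this client
}

# 1. Which policy generation has arrived? Vista-era values on the left,
#    Windows 7 per-drive-type values (OS drive / fixed data drives) on the right.
$policyValues = @(
    'ActiveDirectoryBackup', 'RequireActiveDirectoryBackup',           # Vista
    'OSRecovery', 'OSActiveDirectoryBackup', 'OSRequireActiveDirectoryBackup',     # Win7 OS drive
    'FDVRecovery', 'FDVActiveDirectoryBackup', 'FDVRequireActiveDirectoryBackup'   # Win7 fixed drives
)
Write-Host "BitLocker AD-backup policy values on $env:COMPUTERNAME"
foreach ($name in $policyValues) {
    $v = Get-FvePolicyValue $name
    if ($null -eq $v) { $v = '(not set)' }
    '{0,-34} {1}' -f $name, $v
}

# 2. Find the numerical (recovery) password protector and push it to AD.
#    manage-bde only escrows protectors that policy permits, so a failure here
#    is the same failure the original poster saw in the event log.
$protectorOutput = & manage-bde -protectors -get $drive
$inNumerical = $false
$recoveryIds = @()
foreach ($line in $protectorOutput) {
    if ($line -match 'Numerical Password') { $inNumerical = $true; continue }
    if ($inNumerical -and $line -match 'ID:\s*(\{[0-9A-Fa-f\-]+\})') {
        $recoveryIds += $Matches[1]
        $inNumerical = $false
    }
}
if ($recoveryIds.Count -eq 0) {
    Write-Warning "No numerical password protector on $drive; nothing to escrow."
}
foreach ($id in $recoveryIds) {
    Write-Host "Backing up protector $id on $drive to AD DS..."
    & manage-bde -protectors -adbackup $drive -id $id
}

# 3. Ask AD directly: recovery info is stored as msFVE-RecoveryInformation
#    child objects under the computer object, not in an attribute of the
#    computer itself. Reading msFVE-RecoveryPassword requires the delegated
#    right (Domain Admins have it by default).
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainNc = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"
$compFilter = "(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))"
$compSearch = New-Object System.DirectoryServices.DirectorySearcher($domainNc, $compFilter)
$computer   = $compSearch.FindOne()
if (-not $computer) { throw "Computer object for $env:COMPUTERNAME not found in AD." }
$computerDn = $computer.Properties['distinguishedname'][0]

$recSearch = New-Object System.DirectoryServices.DirectorySearcher(
    [ADSI]"LDAP://$computerDn", '(objectClass=msFVE-RecoveryInformation)')
$recSearch.SearchScope = 'OneLevel'
[void]$recSearch.PropertiesToLoad.AddRange(
    @('msFVE-RecoveryGuid', 'msFVE-VolumeGuid', 'msFVE-RecoveryPassword', 'whenCreated'))

$results = $recSearch.FindAll()
Write-Host "`nmsFVE-RecoveryInformation objects under $computerDn : $($results.Count)"
foreach ($r in $results) {
    # Both GUIDs are stored as octet strings; cast to [guid] for comparison
    # with the {ID} values manage-bde printed above.
    $recGuid = [guid][byte[]]$r.Properties['msfve-recoveryguid'][0]
    $volGuid = [guid][byte[]]$r.Properties['msfve-volumeguid'][0]
    $pwd     = if ($r.Properties.Contains('msfve-recoverypassword')) {
                   $r.Properties['msfve-recoverypassword'][0] } else { '(no read access)' }
    '  created {0}  recovery {{{1}}}  volume {{{2}}}  password {3}' -f `
        $r.Properties['whencreated'][0], $recGuid, $volGuid, $pwd
}
```

If step 1 shows the Windows 7 values as "(not set)" while the Vista values are present, the client received only the old policy, which matches the symptom in the posts above (encryption proceeds or is blocked, but nothing appears under the computer object). If step 2 reports an error from `manage-bde -adbackup`, the escrow itself is failing and the domain-side requirements (schema and permissions from the TechNet guide linked in this thread) are the next thing to verify; step 3 succeeding for a recovery GUID that matches the protector ID is the positive confirmation that the key is in AD.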

Maybe you can find your solution here: http://technet.microsoft.com/en-us/library/dd875532(WS.10).aspx
March 12th, 2010 12:50am
