Previously BitLocker encrypted then joined to domain with pass store in AD GPO
I am testing the following scenario. I have a laptop that is not joined to the domain. I enable BitLocker to encrypt the drive and print / save the key. I then join the computer to the domain and place the computer object in an OU that has a GPO applied to not allow BitLocker unless you can store the recovery information in AD. After gpupdate to update policy settings, I am prompted for a reboot, and gpresult /r shows that I am processing the BitLocker settings. The recovery key does not get updated in the computer object in AD. Is there any possible way to upload existing recovery key information to AD if the drive was encrypted with BitLocker before processing the AD GPO settings? Thanks, Chris
November 8th, 2010 2:28pm

Hi Chris, Thanks for posting in Microsoft TechNet forums. I understand your question is you want to know if it is possible to upload existing recovery key information to AD if the drive was encrypted with BitLocker before. The transmission of recovery information from a Windows 7–based client computer to AD DS is protected by using the Kerberos authentication protocol. Specifically, the connection uses the authentication flags ADS_SECURE_AUTHENTICATION, ADS_USE_SEALING, and ADS_USE_SIGNING. You can refer to: "Does BitLocker encrypt recovery information as it is sent to AD DS?" These links may be helpful to you: "BitLocker Drive Encryption in Windows 7: Frequently Asked Questions"; "BitLocker Recovery Password Viewer for Active Directory". Also, you can ask the Windows Server Forum for further help: http://social.technet.microsoft.com/Forums/en-US/category/windowsserver The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding. Hope it helps. Regards, Leo Huang TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 9th, 2010 1:18am
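
For the scenario asked about in this thread, a volume that was encrypted before the store-in-AD policy applied, the following is an added example, not part of the original posts or of the reply above. It asks the Win32_EncryptableVolume WMI provider to back up each existing recovery-password protector to the computer object in AD DS. It assumes an elevated PowerShell session on the domain-joined client, that the GPO has already applied, and that `C:` is the encrypted volume.

```powershell
# Added example: back up recovery-password protectors that already exist
# on a BitLocker volume to AD DS. Run elevated, after gpupdate and reboot.
$mountPoint = 'C:'   # assumption: the volume encrypted before the domain join

$volume = Get-WmiObject `
    -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume `
    -Filter "DriveLetter='$mountPoint'"
if (-not $volume) {
    throw "No BitLocker-capable volume found at $mountPoint"
}

# KeyProtectorType 3 = numerical password (the 48-digit recovery password)
$protectors = $volume.GetKeyProtectors(3)
if ($protectors.ReturnValue -ne 0) {
    throw ('GetKeyProtectors failed: 0x{0:X8}' -f $protectors.ReturnValue)
}
if (-not $protectors.VolumeKeyProtectorID) {
    throw "No recovery-password protector exists on $mountPoint"
}

foreach ($id in $protectors.VolumeKeyProtectorID) {
    # Writes the recovery information to the computer object in AD DS
    $backup = $volume.BackupRecoveryInformationToActiveDirectory($id)
    if ($backup.ReturnValue -eq 0) {
        Write-Output "Backed up protector $id to AD DS"
    } else {
        # A non-zero code here usually means policy or permissions block the write
        Write-Warning ('Backup of {0} failed: 0x{1:X8}' -f $id, $backup.ReturnValue)
    }
}
```

The same operation is available from an elevated command prompt as `manage-bde -protectors -get C:` followed by `manage-bde -protectors -adbackup C: -id "{PROTECTOR-ID-PLACEHOLDER}"`, where the placeholder is the ID printed by the first command.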

Hi, Did you resolve the problem? Please feel free to give me any update. Regards, Leo Huang TechNet Subscriber Support in forum.
November 14th, 2010 7:59pm

Hi, I will mark my reply as answer. It could help other communities here who have the same issue. Thanks for your cooperation! Regards, Leo Huang TechNet Subscriber Support in forum.
November 18th, 2010 1:00am

This topic is archived. No further replies will be accepted.
