Previously BitLocker encrypted, then joined to domain with pass store in AD GPO
I am testing the following scenario.
I have a laptop that is not joined to the domain.
Enable BitLocker to encrypt the drive and print / save the key.
I then join the computer to the domain and place the computer object in an OU that has a GPO applied to not allow BitLocker unless you can store the recovery information in AD.
After gpupdate to update policy settings I am prompted for a reboot, and gpresult /r shows that I am processing the BitLocker settings.
The recovery key does not get updated in the computer object in AD.
Is there any possible way to upload existing recovery key information to AD if the drive was encrypted with BitLocker before processing the AD GPO settings?
Thanks,
Chris
November 8th, 2010 2:28pm
Hi Chris,
Thanks for posting in Microsoft TechNet forums.
I understand that you want to know whether it is possible to upload existing recovery key information to AD if the drive was encrypted with BitLocker before.
The transmission of recovery information from a Windows 7-based client computer to AD DS is protected by using the Kerberos authentication protocol. Specifically, the connection uses the authentication flags ADS_SECURE_AUTHENTICATION, ADS_USE_SEALING, and ADS_USE_SIGNING.
You can refer to:
Does BitLocker encrypt recovery information as it is sent to AD DS?
These links may be helpful to you:
BitLocker Drive Encryption in Windows 7: Frequently Asked Questions
BitLocker Recovery Password Viewer for Active Directory
Also you can ask Windows Server Forum for further help:
http://social.technet.microsoft.com/Forums/en-US/category/windowsserver
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Hope it helps.
Regards,
Leo Huang
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 9th, 2010 1:18am
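For the scenario in the original question (a volume encrypted before the AD backup policy applied), the manage-bde tool shipped with Windows 7 has a `-protectors -adbackup` option that sends an existing recovery password to AD DS. The script below is an added example, not something posted by either participant; it assumes the volume is C:, the computer is domain-joined with the "store recovery information in AD DS" policy already applied, and a domain controller is reachable.

```powershell
# Added example (not from the thread): escrow the recovery passwords that
# already exist on a BitLocker volume to the computer object in AD DS.
# Run from an elevated PowerShell prompt on the client.
$volume = 'C:'   # assumption: the volume that was encrypted before the domain join

# List only the numerical (recovery) password protectors on the volume.
$listing = & manage-bde.exe -protectors -get $volume -Type RecoveryPassword
if ($LASTEXITCODE -ne 0) {
    throw "manage-bde could not read the protectors on $volume (exit code $LASTEXITCODE)."
}

# Each protector is printed with an "ID: {GUID}" line. Matching the GUID itself
# avoids depending on the (localized) label text.
$guidPattern = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
$ids = @($listing |
    Select-String -Pattern $guidPattern |
    ForEach-Object { $_.Matches[0].Value } |
    Sort-Object -Unique)

if ($ids.Count -eq 0) {
    throw "No recovery password protector on $volume. Add one first with: manage-bde -protectors -add $volume -RecoveryPassword"
}

# Back up every recovery password protector; a volume can carry more than one.
$failed = 0
foreach ($id in $ids) {
    & manage-bde.exe -protectors -adbackup $volume -id $id | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Backed up protector $id to AD DS."
    } else {
        $failed++
        Write-Warning "Backup of protector $id failed (exit code $LASTEXITCODE). Check policy and domain controller connectivity."
    }
}

if ($failed -gt 0) {
    throw "$failed of $($ids.Count) protector(s) were not backed up."
}
```

The result can be confirmed on the computer object with the BitLocker Recovery Password Viewer for Active Directory linked in the reply above.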
Hi,
Did you resolve the problem?
Please feel free to give me any update.
Regards,
Leo Huang
November 14th, 2010 7:59pm
Hi,
I will mark my reply as answer. It could help other communities here who have the same issue.
Thanks for your cooperation!
Regards,
Leo Huang
November 18th, 2010 1:00am