![]() ![]() Verifying the configurations made using the described tools and procedures in the documentĥ. ”Turn on TPM backup to Active Directory” = Enabled (Verify that the Require TPM backup to AD DS check box is selected)Ĥ. “Turn on BitLocker backup to Active Directory” = Enabled (Verify that the Require BitLocker backup to AD DS check box is selected) Create and link a GPO to the computers OU, setting this: Set required permissions using “cscript Add-TPMSelfWriteACE.vbs”ģ. Extend AD Schema “ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=nttest,dc=microsoft,dc=com" -k -j. I’m always using this guide from Microsoftġ. As always I extended the Active Directory Schema so the clients were able to store the BitLocker Recovery Password in Active Directory. ![]() Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest.Lately I have been working at a deployment project where the customer wanted to enable BitLocker Drive Encryption at all computers with a TPM chip. The BitLocker Active Directory Recovery Password Viewer is an extension for the Active Directory Users and Computers MMC snap-in.Īfter you install this tool, you can examine a computer object’s Properties dialog box to view the corresponding BitLocker recovery passwords. You can use this tool to help recover data that is stored on a volume that has been encrypted by using BitLocker. “The BitLocker Active Directory Recovery Password Viewer lets you locate and view BitLocker recovery passwords that are stored in AD DS. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |