You can unlock a BitLocker encrypted drive by the password or the encryption key. The user makes up the password, the encryption key is stored in AD. This looks like it might be helpful

Now that Active Directory is ready to store the BitLocker and TPM information, we need a policy that will cause the computers to actually write that information. Below are the steps to configure Windows R2, but if you need Vista or 2008 you'll find the instructions on TechNet here.

Create a new Group Policy and navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. There you will see three more folders that contain the settings for how Windows R2 manages the BitLocker information for three different kinds of drives: Fixed, Operating System and Removable.

The core settings for all three are pretty similar: just double-click the Choose how BitLocker-protected drives can be recovered setting and Enable it. Specify that you want to store Recovery passwords and key packages, and check the option for Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives.

This prevents users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.

You can repeat this for the other types of drives as well. Read the included Help text to determine what is appropriate for your environment.

In the same Policy, now navigate to Computer Configuration\Administrative Templates\System\Trusted Platform Module Services.
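
To confirm on a client that the recovery policy described above actually applied, the following read-only PowerShell check can be run after a Group Policy refresh. It is an added example, not part of the original post, and it assumes the registry value names that the BitLocker administrative template writes under `HKLM\SOFTWARE\Policies\Microsoft\FVE` (prefixes `OS`, `FDV` and `RDV`); the TPM setting is not checked.

```powershell
# Added example: report whether "Choose how BitLocker-protected drives can be
# recovered" is configured to back up to AD DS for each drive type.
# Assumption: policy values live under this key with OS/FDV/RDV prefixes.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Drive type shown in the Group Policy editor -> value-name prefix.
$driveTypes = [ordered]@{
    'Operating System' = 'OS'
    'Fixed'            = 'FDV'
    'Removable'        = 'RDV'
}

function Get-PolicyValue {
    param([string]$Name)
    # Returns $null when the value (or the whole key) is absent,
    # which means the policy has not been applied to this computer.
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = foreach ($type in $driveTypes.Keys) {
    $p       = $driveTypes[$type]
    $enabled = Get-PolicyValue "${p}Recovery"                     # setting is Enabled
    $backup  = Get-PolicyValue "${p}ActiveDirectoryBackup"        # save to AD DS
    $info    = Get-PolicyValue "${p}ActiveDirectoryInfoToStore"   # 1 = passwords and key packages
    $require = Get-PolicyValue "${p}RequireActiveDirectoryBackup" # do not enable until stored

    [pscustomobject]@{
        DriveType               = $type
        PolicyEnabled           = ($enabled -eq 1)
        SaveToADDS              = ($backup  -eq 1)
        PasswordsAndKeyPackages = ($info    -eq 1)
        BlockUntilStored        = ($require -eq 1)
        Compliant               = ($enabled -eq 1 -and $backup -eq 1 -and
                                   $info -eq 1 -and $require -eq 1)
    }
}

$report | Format-Table -AutoSize

# Flag drive types where BitLocker could be enabled without a recovery
# password and key package being escrowed in AD DS first.
$gaps = $report | Where-Object { -not $_.Compliant }
if ($gaps) {
    Write-Warning ("AD DS recovery backup not enforced for: " +
                   ($gaps.DriveType -join ', '))
}
```

A drive type reported as not compliant means either the GPO is not linked to the computer's OU or the setting was only configured for one of the three folders.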