This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Dear expert,
We are exploring the possibility to enable BitLocker to encrypt our users' drives.
BitLocker seems to be a good solution but
Thanks a lot in advance.
Hi @Eaven HUANG ,
We have done this with GPO.
Here is a quite good guide for that.
Can we save the credentials to local AD?
Yes.
Do we need to have all the computers have physical TPM in place first?
Without TPM it's hard.
Can AD admins unlock the drives when needed?
Yes.
Hi @T. Kujala ,
Thanks a lot for the video shared, yes, it looks like what we needed.
However we have another issue that we can't use strong password for bitlocker, ours showing create a pin, any idea?
Hello there,
You need physical TPM for BitLocker to work
In a domain network, you can store the BitLocker recovery keys for encrypted drives in the Active Directory Domain Services (AD DS). This is one of the greatest features of the BitLocker Drive Encryption technology for corporate users.
You should verify if your AD schema version has attributes required to store BitLocker recovery keys in Active Directory.
------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--
thanks a lot @Limitless Technology , I've tested and yes it's stored in our AD, fantastic! I still have issues that non-admin users can't turn it on due to access denied, we can't set up strong password, maybe I will raise a new question regarding these new concerns.
Thanks again.
See my article for automation scripts: https://www.experts-exchange.com/articles/33771/We-have-bitlocker-so-we-need-MBAM-too.html
