Questions tagged [bitlocker]

Microsoft Windows technology for full disk (volume) encryption.

BitLocker is a full disk encryption feature that adds a layer of security to storage devices to protect data and sensitive information from falling into the wrong hands. BitLocker is available in the Windows 7 Enterprise and Ultimate operating systems as well as the Windows Server 2008 and 2008 R2 operating systems.

Features include:

  • Multi-factor authentication
  • Ability to encrypt removable storage devices
  • AES 128-bit encryption
  • Group Policy and Active Directory integration
143 questions
3 votes, 1 answer

Bitlocker device name change

When imaging our PCs we generally create a temp name for our facilities to change the device name to whatever particular department fits their needs. The issue is we can't send out any devices without encryption, we happen to use Bitlocker…
Batman667
3 votes, 1 answer

Is there any difference between BitLocker's recovery key file and numerical password?

Is there any difference between a BitLocker recovery key file and numerical password that would negatively impact my ability to unlock the drive in a disaster scenario? I frequently encrypt USB hard drives that are used for backups with BitLocker. …
I say Reinstate Monica
3 votes, 3 answers

How can I prevent the compromise of a Domain Controller on ESX stored in an unsecured location?

A client of ours has a DC that will be located in an insecure location. RODCs and separate domains/forests are not permitted by management. All the servers will be located on a VMware ESX server. I'm interested in VMware, Windows, AD configurations…
3 votes, 2 answers

Windows Active Directory Bitlocker deployment

I am experimenting with BitLocker deployment via AD at work. Have googled all over the internet, but the most useful reference seems to be: http://technet.microsoft.com/en-us/library/cc766015(v=ws.10).aspx Server 2012 R2, fully updated. Test…
Edward Ned Harvey
3 votes, 2 answers

Security of BitLocker with no PIN from WinPE?

Say you have a computer with the system drive encrypted by BitLocker and you're not using a PIN so the computer will boot up unattended. What happens if an attacker boots the system up into the Windows Preinstallation Environment? Will they have…
Scott Bussinger
3 votes, 2 answers

Verify who has Bitlocker key backed up via PowerShell?

We currently use Bitlocker on our laptops here at work. The helpdesk are responsible for backing the Bitlocker key up to AD when they build the system. We ran into an issue recently where a user had a hardware problem that set Bitlocker off, so it…
Don
2 votes, 2 answers

Certificate expiration does not match validity period in template (Windows CA)

I'm trying to request a new BitLocker DRA certificate from my internal CA. The template is set to two years, as shown here: Template. I'm trying to request a new certificate via the Certificates MMC via "Personal > Certificates > All Tasks > Request…
2 votes, 1 answer

Enable-Bitlocker -TpmProtector via GPO does not work (0x80070522)

I am trying to automate the BitLocker in our corporate environment. I have written a script which enables the BitLocker and it works fine if I run it manually, but whenever I implement it via GPO (startup script) right after Enable-BitLocker…
2 B
2 votes, 1 answer

Is my plan for Bitlocker deployment missing anything?

1.) Confirm that TPM is activated in the BIOS of all workstations. - All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed, right? I read that here…
2 votes, 2 answers

Bitlocker - "Recovery information was successfully backed up to Active Directory", but not really?

I have a device that needs to have its BitLocker recovery backed up to AD for visibility in the "Bitlocker Recovery" tab of the object in Active Directory. I found that the device only had a TPM protector. So I added a Numerical Password. I want…
beansbeans
2 votes, 1 answer

Windows encrypted software raid

Is it possible (preferably with Windows-on-board tools of Windows Server 2012 R2 and Windows Server 2016) to have a software RAID mirror on 2 encrypted disks? (Locally preferred.) From what I know, I have to use an SSD for normal/fast…
2 votes, 0 answers

Cannot save BitLocker keys to ADDS for certain machines

We have several Windows 10 laptops (Win10 Enterprise, most running Build 1803) here in our main office and in multiple co-locations. We are implementing BitLocker company-wide and we have a GPO that enables and (should) save the BitLocker key to…
KidACrimson
2 votes, 2 answers

Checking which PCR triggered for BitLocker recovery

We have an MBAM server and tested policies which work normally for nearly every machine we've migrated. Though, I have seen 3 systems now that prompt for a recovery key instead of the user's PIN. After recovering, each subsequent reboot asks for…
Residualfail
2 votes, 1 answer

Encrypting mapped network drives in Windows

I have Win Server 2012 and the drives of one of the HDDs connected to it are mapped as network drives in a Windows 10 client. If I encrypt those drives using BitLocker with the user account on the client, will it also be accessible for the admin…
2 votes, 1 answer

How do I view current TPM owner in Windows?

How do I see if a TPM owner has already been set? All I see are examples of how to clear the TPM, reset owner password, change owner. I just want to see if the owner is set and possibly who it is set to. Looking in tpm.msc it's not obvious to me…
red888