Solved

How to save the recovery key in AD through MDT 2008

Posted on 2008-11-13
Last Modified: 2013-12-12
BitLocker activation in the MDT 2008 task sequence works great! In the Lite Touch deployment you can check the box that will tell it to save the recovery key in AD. When the task sequence is complete and drive encryption is complete, for some reason the key is not getting stored in AD. Why isn't the Lite Touch deployment storing the key in AD for me? I have verified the laptop IS in the domain while the encryption is occurring. Any thoughts?
Even though I set the value in the customsettings.ini file, nothing is getting reflected in the Enable BitLocker wizard. Below are the values set in the INI file:

SkipBitLocker=NO
BDEInstallSuppress=NO
BDEDriveLetter=Q:
BDEInstall=TPM
BDERecoveryKey=AD
BDEWaitForEncryption=TRUE
Question by:KC2TC
4 Comments
 

Expert Comment

by:Kelvin_King
ID: 22959172
I have had the problem as well when setting up key escrow for BitLocker.

I'm not sure if it's the same problem, but for me it was because BitLocker requires that you extend the schema in the AD.

I can't remember the exact steps I did, but this is the documentation which I followed

http://www.microsoft.com/downloads/details.aspx?FamilyID=3a207915-dfc3-4579-90cd-86ac666f61d4&displaylang=en

Hope it helps you
-Kelvin

Expert Comment

by:Kelvin_King
ID: 22959200
I found this useful as well
http://technet.microsoft.com/en-us/library/cc766015.aspx

There are some scripts which you need to run to extend the AD schema.

And even then, I remembered that the scripts were written wrongly. I had to contact the BitLocker technical support team, send them the script and have them correct it for me.

I hope times have changed....

-Kelvin

Accepted Solution

by:Kelvin_King
ID: 22959247
After doing a little bit more searching, also keep in mind that if you are using Windows Server 2003, you'll need to install the Windows Server Administration Tools for SP1:

http://www.microsoft.com/downloads/details.aspx?FamilyID=E487F885-F0C7-436A-A392-25793A25BAD7&displaylang=en

- Kelvin

Expert Comment

by:Kelvin_King
ID: 23251876
Did the information help you?
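
One way to confirm the two things this thread turns on, whether the AD schema has been extended for BitLocker and whether a recovery record was actually escrowed for a given laptop, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (RSAT) is available and an account delegated to read BitLocker recovery information; `LAPTOP01` is a placeholder computer name.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-BitLockerSchema {
    # True when the schema defines the msFVE-RecoveryInformation object class,
    # i.e. the BitLocker schema extension has been applied.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $class = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=msFVE-RecoveryInformation))'
    return [bool]$class
}

function Get-BitLockerEscrowStatus {
    param([Parameter(Mandatory)][string]$ComputerName)

    $status = [pscustomobject]@{
        Computer        = $ComputerName
        SchemaExtended  = Test-BitLockerSchema
        RecoveryObjects = 0
        LatestEscrow    = $null
    }
    # Without the schema extension there is nowhere to store the key, so stop here.
    if (-not $status.SchemaExtended) { return $status }

    $computer = Get-ADComputer -Identity $ComputerName

    # Recovery records are child objects of the computer object.
    # Only whenCreated is requested; the recovery password itself is never read.
    $records = @(Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' -Properties whenCreated)

    $status.RecoveryObjects = $records.Count
    $status.LatestEscrow = ($records | Sort-Object whenCreated |
        Select-Object -Last 1).whenCreated
    return $status
}

# Placeholder name: replace with the laptop that was just deployed.
Get-BitLockerEscrowStatus -ComputerName 'LAPTOP01'
```

`SchemaExtended = False` points at the schema problem described in the comments above; `SchemaExtended = True` with `RecoveryObjects = 0` means the key was never written for that machine, or the querying account cannot see the records.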
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Conducting a customer service survey used to be as straightforward as sending a template email out using checkboxes and numerical rating systems to measure satisfaction.
Although free tools can be helpful to a limited extent, it’s better to stick to paid versions for business use.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question