Improve company productivity with a Business Account.Sign Up

x
?
Solved

bitLocker GPO best practice settings

Posted on 2013-10-31
2
Medium Priority
?
1,151 Views
Last Modified: 2013-10-31
Hi,

We've enabled machines to be able to store TPM information in AD, run the add-tpm script, and would now like to configure the BitLocker GPO according to some sort of best practice reference. Ideally, we would like to store a recovery password in AD. Any ideas where we can get hold of one?

Thanks!
0
Comment
Question by:rookie_b
2 Comments
 
LVL 26

Accepted Solution

by:
Tony J earned 2000 total points
ID: 39613773
Have you read the following best practices guides from MS?

http://technet.microsoft.com/en-us/library/dd875532(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/jj592683.aspx

As for storing the recovery password in AD - there are some step-by-step steps here:

http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx

They also provide the scripts you need to run to achieve what you're trying to do.
0
 

Author Closing Comment

by:rookie_b
ID: 39614684
Excellent!
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question