Solved

bitLocker GPO best practice settings

Posted on 2013-10-31
2
879 Views
Last Modified: 2013-10-31
Hi,

We've enabled machines to be able to store TPM information in AD, run the add-tpm script, and would now like to configure the BitLocker GPO according to some sort of best practice reference. Ideally, we would like to store a recovery password in AD. Any ideas where we can get hold of one?

Thanks!
0
Comment
Question by:rookie_b
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Accepted Solution

by:
Tony Johncock earned 500 total points
ID: 39613773
Have you read the following best practices guides from MS?

http://technet.microsoft.com/en-us/library/dd875532(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/jj592683.aspx

As for storing the recovery password in AD - there are some step-by-step steps here:

http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx

They also provide the scripts you need to run to achieve what you're trying to do.
0
 

Author Closing Comment

by:rookie_b
ID: 39614684
Excellent!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question