Backing up recovery information for BitLocker in AD

Is this what we would need to configure Active Directory to back up BitLocker recovery information?

We have to run all these scripts? Does anyone have step-by-step directions that are simpler? Thanks.

Using 2008 server with Win 7 Enterprise clients.
Thomas N (Systems Analyst - Windows System Administrator) Asked:

Thomas N (Systems Analyst - Windows System Administrator), Author Commented:
Also, we are going to use MBAM 2.5. Right now it is standalone, but it will eventually be integrated with SCCM.
FOX (Active Directory/Exchange Engineer) Commented:
Once the environment is configured to accept the recovery keys, you can manually run the commands on the workstations or use the VBScript to send them to AD in this link.
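
The manual route described in the comment above, as an added example that is not part of the original thread: a PowerShell wrapper around `manage-bde` that finds the recovery-password protector on a volume and backs it up to AD. It assumes English `manage-bde` output and a domain that is already configured to accept the recovery keys; the sample output, GUID and `-Demo` switch are constructed for illustration.

```powershell
# Added example, not from the thread. Run from an elevated prompt on the client.
param(
    [string]$Volume = $env:SystemDrive,  # volume to process, e.g. "C:"
    [switch]$Demo                        # hypothetical switch: parse the sample only
)

function Get-RecoveryProtectorId {
    # Return every {GUID} protector ID found in manage-bde output lines.
    param([string[]]$Lines)
    $guid = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    foreach ($line in $Lines) {
        if ($line -match "ID:\s*($guid)") { $Matches[1] }
    }
}

# Constructed sample of English 'manage-bde -protectors -get' output.
$sample = @(
    'Volume C: [OSDisk]',
    'All Key Protectors',
    '    Numerical Password:',
    '      ID: {11111111-2222-3333-4444-555555555555}',
    '      Password:',
    '        000000-000000-000000-000000-000000-000000-000000-000000'
)

if ($Demo) {
    Get-RecoveryProtectorId -Lines $sample
    return
}

# Limit the listing to recovery-password (numerical password) protectors.
$output = & manage-bde.exe -protectors -get $Volume -Type RecoveryPassword
if ($LASTEXITCODE -ne 0) { throw "manage-bde could not read protectors on $Volume" }

$ids = @(Get-RecoveryProtectorId -Lines $output)
if ($ids.Count -eq 0) { throw "No recovery password protector on $Volume; nothing to back up" }

foreach ($id in $ids) {
    # -adbackup writes the recovery information for this protector to AD DS.
    & manage-bde.exe -protectors -adbackup $Volume -id $id
    if ($LASTEXITCODE -ne 0) { throw "AD backup failed for protector $id" }
    Write-Output "Backed up protector $id on $Volume"
}
```

A non-zero exit from `-adbackup` is surfaced as an error so a machine whose key never reached AD is not silently counted as escrowed.
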
Thomas N (Systems Analyst - Windows System Administrator), Author Commented:
Also, since we don't have SCCM now, would we need to get a script in GPO for all our machines to start encryption?
Thomas N (Systems Analyst - Windows System Administrator), Author Commented:
OK, thanks for the good info. One last question: do we need to install an MBAM client on each machine?
Thomas, introducing BitLocker is an important step. But it has consequences for usability as well: it will change your backup concept, your security concept and also the concept of using shared computers. To me it seems you are trying to get this done quickly, better today than tomorrow.
Be warned :) BitLocker has broken many admins' necks.

Instead of linking scripts or other helpful stuff, let me ask you, if you don't mind, to look at this small list I have created and see if you can answer these questions, any of them. Unless you can, I would not recommend starting yet.
1. What BitLocker functions are there for OS drives as opposed to removable drives?
2. Which of those do I need?
3. Do my OSes offer these functions I need?
4. What is it about a TPM that with default settings, only TPM machines may use BitLocker?
5. What would it mean for security not to use a TPM?
6. What does BitLocker call a protector?
7. What protectors can I use?
8. Depending on the chosen protector(s) and the rest of the setup, what attack types are still possible and can I live with that?
9. What is MBAM and am I entitled to use it?
10. How could we initiate the encryption and what options are there for it?
11. Who would have access to the protectors and their backup information?
12. How would we back up and restore the encrypted drives' contents?
13. What would we do if someone is unable to start their computer because of OS corruption?
14. What to do if someone cannot start their machine because of BitLocker?
FOX (Active Directory/Exchange Engineer) Commented:
The MBAM client is for monitoring. It is not needed to install BitLocker or to get the keys pushed to AD. Great to have, though.
Thomas N (Systems Analyst - Windows System Administrator), Author Commented:
Thanks Mcknife, but we are already going to install MBAM 2.5. Right now we are doing standalone but will eventually integrate with SCCM.

I'm only responsible for the AD\GPO part.