lianne143

Setting up BitLocker on laptops without TPM and saving the password in Active Directory

Hi
I have laptops with Windows 7 Enterprise installed, and these laptops don't have TPM modules. Our management is concerned about the security of the data on the laptops if stolen or lost and has asked me to encrypt the laptop drives.

Is it possible to set up BitLocker on Windows 7 Enterprise laptops without using TPM? I would like to set a password for the encryption.
Whenever the laptop boots, I would like the laptop to prompt for the password, and when the user keys in the password, it must get into Windows.

Also, I would like to save the password (keys) to Active Directory. In case the user forgets the password, we must be able to recover the password for them.

Please can a step-by-step tutorial be posted? Thanks in advance.
Encryption, BitLocker, Windows Server 2012, Active Directory, Windows 7

Last Comment
McKnife

8/22/2022 - Mon
SOLUTION
Wayne88

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Cliff Galiher

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
lianne143

ASKER
I mean, once BitLocker is set up on the laptop, the recovery keys are saved to AD.

We have 60 laptops that need to be encrypted. It will be difficult to set up USB sticks for each laptop, and staff would have to carry the USB with their laptops, and if they misplace the USB or lose the laptop bag (with laptop and USB), the data can fall into the wrong hands.

Is there any other way we can set this up with Windows 7 without the startup keys on USB?
ASKER CERTIFIED SOLUTION
Cliff Galiher

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Michael Smolens

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
McKnife

Lianne, could you explain what you concluded after reading these suggestions? I would be glad to hear, because they could be seen as contradictory and all were answers to you.
lianne143

ASKER
Hi McKnife

Our laptops are Windows 7 Enterprise without TPM. I understand that with the current configuration of our laptops, if I set up BitLocker on the laptops, I need to issue USB sticks with the password on them to all the staff to boot up the laptops.
We are going to disable USB sticks on the laptops on our network.
In case we don't disable USB and give out USB sticks (with password) to boot the laptops, we can't expect every staff member to carry the USB stick at all times, and also, if they lose the stick with the laptop bag, data is stolen?

I installed VeraCrypt on a laptop and it encrypts the hard drive and also asks to create a recovery CD during setup, and the instructions say to keep the CD safe in case any data needs to be recovered from the laptop hard disk. So I am planning to create the recovery disc for all the laptops and keep the discs in a safe location.

Now, after installing VeraCrypt on the laptop, when the laptop boots it asks for a password on the DOS screen. Once this is keyed in, the laptop boots to Windows and stays at the Ctrl+Alt+Del screen for the domain user credentials.
Thanks
McKnife

Why would you need VeraCrypt? You were shown how to use a password with BitLocker on Windows 7 - without needing anything else.
I had a feeling that you still had not understood that and you confirmed that.