Configure Active Directory to Store BitLocker Recovery Keys – Complete Guide with Troubleshooting

Published: 08 October 2024
Channel: NetITGeeks

Demo on how you can set up your Active Directory Domain Controller to store the BitLocker Recovery Keys of your Windows 10 and Windows 11 clients. Near the end of the video I mentioned that you can automate the process of clients sending the BitLocker Recovery Keys to AD, and I have posted a tutorial for it at:    • How to fix BitLocker Recovery Key fai...

Don't forget:
gpupdate /force
Get-BitLockerVolume -MountPoint C:

Cmdlets used (troubleshooting):
$BLV = Get-BitLockerVolume -MountPoint "C:"
Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[1].KeyProtectorId
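
The troubleshooting cmdlets above pick the protector by position (`KeyProtector[1]`), which only works when the recovery password happens to be the second protector on the volume. The following is an added example, not code from the video or the linked instructions, that selects the protector by type instead and reports the result per volume. The function name `Backup-RecoveryPasswordToAD` is hypothetical; it assumes an elevated session on a domain-joined client where the GPO has already applied.

```powershell
# Added example (not from the video). Run in an elevated PowerShell session
# on a domain-joined client after the GPO has applied (gpupdate /force).
# Backup-RecoveryPasswordToAD is a hypothetical helper name.
function Backup-RecoveryPasswordToAD {
    [CmdletBinding()]
    param(
        # Defaults to every volume BitLocker knows about on this machine.
        [string[]]$MountPoint = (Get-BitLockerVolume).MountPoint
    )

    foreach ($mp in $MountPoint) {
        $volume = Get-BitLockerVolume -MountPoint $mp

        # Pick protectors by type; the index of the recovery password in
        # $volume.KeyProtector differs between machines.
        $recovery = @($volume.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        if ($recovery.Count -eq 0) {
            # Nothing AD can store for this volume (e.g. TPM-only or not encrypted).
            [pscustomobject]@{
                MountPoint = $mp; KeyProtectorId = $null
                BackedUp = $false; Detail = 'No RecoveryPassword protector'
            }
            continue
        }

        foreach ($kp in $recovery) {
            $detail = 'OK'
            try {
                Backup-BitLockerKeyProtector -MountPoint $mp `
                    -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
                $ok = $true
            } catch {
                # Typical causes: GPO not applied yet, or no line of sight to a DC.
                $ok = $false
                $detail = $_.Exception.Message
            }
            # Report the protector ID only; never write the password itself to output.
            [pscustomobject]@{
                MountPoint = $mp; KeyProtectorId = $kp.KeyProtectorId
                BackedUp = $ok; Detail = $detail
            }
        }
    }
}

Backup-RecoveryPasswordToAD | Format-Table -AutoSize
```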

Instructions: https://sanuja.com/blog/configure-act...

This demonstration uses Windows Server 2022 and Windows 11 Professional, but the principles are the same for Windows Server 2012 through 2022 (Windows Server 2022 / 2019 / 2016 / 2012). There are only minor settings/GUI differences among most of the previous versions of Windows Server. The BitLocker feature add-on for previous Windows Server versions may not prompt you to add the required components when installing it. Please refer to the video for more information. The enforced GPO settings will work on Windows 11, 10 and previous versions of client operating systems joined to the Active Directory domain.

-Intro to Group Policy Management:    • Introduction to Group Policy Manageme...  
-Create Active Directory OUs and Users:    • Create Active Directory Organizationa...  
-Install AD DS on Windows Server 2022 Core:    • Install Active Directory Domain Contr...  
-Initial configs:    • Windows Server 2022 Core Initial Conf...  
-GPO for logon/logoff scripts:    • How to execute logon and logoff scrip...  

-Windows Server Admin playlist:
   • Windows Server Administration  
-Microsoft Windows playlist:
   • Microsoft Windows  

Chapters:
00:00 - Add BitLocker Drive Encryption to snap-in
03:59 - Fix missing BitLocker Recovery Tab
06:00 - Creating and setting up the GPO
13:22 - Updating and setting up the client
18:00 - Stored BitLocker Keys in AD
18:34 - Fix missing BitLocker Keys in AD
21:22 - Check the status of encryption

Track: WhileART Sessions Episode 02 | Waramathi (වරමාතී) Fusion
Watch:    • WhileART Sessions Episode 02 | Warama...  

https://sanuja.com

Co-producer:
Manuja Senanayake

#windowsserver2022 #bitlocker #server #windowsserver