ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Unsolved BitLocker central management?

    IT Discussion
    microsoft bitlocker
    4
    8
    863
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Mike Davis
      Mike Davis last edited by

      I inherited a network where a few of the workstations are BitLockered. I searched the server and can't seem to find central management. The server is running Server 2008 Standard. I can't even find a group policy related to BitLocker. What should I be looking for to see if it's centrally managed? If they aren't centrally managed, is there something I can load on Server Essentials 2016 to manage them? I looked at MBAM, but doesn't look like it will run on Server Essentials.

      1 Reply Last reply Reply Quote 3
      • coliver
        coliver last edited by

        If MBAM doesn't exist and there is no Group Policy I doubt it would be centrally administered. You can also right-click on the root domain in ADUC, if it is backing up keys to AD then there should be a Find Bitlocker Recovery Password option available.

        1 Reply Last reply Reply Quote 3
        • Mike Davis
          Mike Davis last edited by

          @coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?

          DustinB3403 coliver 2 Replies Last reply Reply Quote 0
          • DustinB3403
            DustinB3403 @Mike Davis last edited by

            @Mike-Davis said in BitLocker central management?:

            @coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?

            I thought GPO offered this capability (likely with MBAM). Which if the systems are individually encrypted, you'd have to redo all of this with MBAM anyways. . .

            coliver 1 Reply Last reply Reply Quote 0
            • coliver
              coliver @Mike Davis last edited by

              @Mike-Davis said in BitLocker central management?:

              @coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?

              Not unless there is a third party software managing it. Just as a forewarning, MBAM kind of sucks.

              dbeato 1 Reply Last reply Reply Quote 1
              • coliver
                coliver @DustinB3403 last edited by

                @DustinB3403 said in BitLocker central management?:

                @Mike-Davis said in BitLocker central management?:

                @coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?

                I thought GPO offered this capability (likely with MBAM). Which if the systems are individually encrypted, you'd have to redo all of this with MBAM anyways. . .

                MBAM does this in a package but you can configure group policies to backup keys directly to Active Directory with a schema extension.

                1 Reply Last reply Reply Quote 1
                • dbeato
                  dbeato @coliver last edited by

                  @coliver Agreed, this is what I have been noticing more and more. Some places have like a USB key others just have the keys backup with AD DS but MBAM is not supported on your scenarios. You probably need an additional system to centralized Bitlocker encryption.

                  1 Reply Last reply Reply Quote 0
                  • coliver
                    coliver last edited by

                    The real solution is just don't do bitlocker... Use file level encryption or something similar. I just don't see much utility for bitlocker outside of personal devices.

                    1 Reply Last reply Reply Quote 1
                    • First post
                      Last post