how to enable Bitlocker over a forest and domain?

DoubleD

i got stuck on this part any one know how to enable Bitlocker over a forest and domain.
it really bugs me out!

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

colemic

Yikes, JMO, but I would absolutely not do this (assuming you are talking real world and not a test/lab scenario.) I don't even know if it is possible, but you are asking for a serious world of hurt if you push it out, and someone screws up creating their recovery key, or something goes wrong. I would do every single one of them individually.

Psoasman

colemic wrote: »

Yikes, JMO, but I would absolutely not do this (assuming you are talking real world and not a test/lab scenario.) I don't even know if it is possible, but you are asking for a serious world of hurt if you push it out, and someone screws up creating their recovery key, or something goes wrong. I would do every single one of them individually.

Agreed. Your service calls would probably increase. You would have to thoroughly plan everything out and test it.
That being said, there are GP settings you can use for this.
BitLocker Drive Encryption Documentation for Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008

rjs_essex

colemic wrote: »

Yikes, JMO, but I would absolutely not do this (assuming you are talking real world and not a test/lab scenario.) I don't even know if it is possible, but you are asking for a serious world of hurt if you push it out, and someone screws up creating their recovery key, or something goes wrong. I would do every single one of them individually.

It is absolutely possible. I have rolled out Bitlocker accross my entire forest within two seperate domains. All controlled by Group Policy. It took a fair amount of configuring but it works beautifully.

There is absolutely NO WAY I would have the time to create keys and backups individually. How do you think huge companies with large forests handle their encryption?

I have all of the recovery keys for hundreds of laptops for hundreds of users backing up to Active Directory using personal 6 digit pin numbers. I implemented everything down to the smallest detail myself and it works beautifully.

Richard

Meshax

Hello,
Could you assist me with a step by step on how you managed to administer BitLocker on all machines in the domain.

rjs_essex, I would really appreciate to have this.

kriscamaro68

We have bitlocker across all our laptops in our domain but the helpdesk enables it manually with GPO's in place to take care of everything else.