how to enable Bitlocker over a forest and domain?

DoubleDDoubleD Posts: 273Member ■□□□□□□□□□
i got stuck on this part any one know how to enable Bitlocker over a forest and domain.
it really bugs me out!

Comments

  • colemiccolemic Posts: 1,568Member ■■■■■■■□□□
    Yikes, JMO, but I would absolutely not do this (assuming you are talking real world and not a test/lab scenario.) I don't even know if it is possible, but you are asking for a serious world of hurt if you push it out, and someone screws up creating their recovery key, or something goes wrong. I would do every single one of them individually.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • PsoasmanPsoasman Senior Member Posts: 2,687Member ■■■■■■■■■□
    colemic wrote: »
    Yikes, JMO, but I would absolutely not do this (assuming you are talking real world and not a test/lab scenario.) I don't even know if it is possible, but you are asking for a serious world of hurt if you push it out, and someone screws up creating their recovery key, or something goes wrong. I would do every single one of them individually.

    Agreed. Your service calls would probably increase. You would have to thoroughly plan everything out and test it.
    That being said, there are GP settings you can use for this.
    BitLocker Drive Encryption Documentation for Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008
  • rjs_essexrjs_essex Posts: 57Member ■■□□□□□□□□
    colemic wrote: »
    Yikes, JMO, but I would absolutely not do this (assuming you are talking real world and not a test/lab scenario.) I don't even know if it is possible, but you are asking for a serious world of hurt if you push it out, and someone screws up creating their recovery key, or something goes wrong. I would do every single one of them individually.

    It is absolutely possible. I have rolled out Bitlocker accross my entire forest within two seperate domains. All controlled by Group Policy. It took a fair amount of configuring but it works beautifully.

    There is absolutely NO WAY I would have the time to create keys and backups individually. How do you think huge companies with large forests handle their encryption?

    I have all of the recovery keys for hundreds of laptops for hundreds of users backing up to Active Directory using personal 6 digit pin numbers. I implemented everything down to the smallest detail myself and it works beautifully.

    Richard icon_cool.gif
    WIP: 70-417, Security+, Project+, CCNA
  • MeshaxMeshax Posts: 1Registered Users ■□□□□□□□□□
    Hello,
    Could you assist me with a step by step on how you managed to administer BitLocker on all machines in the domain.

    rjs_essex, I would really appreciate to have this.
  • kriscamaro68kriscamaro68 A+, Net+, Server+, Security+, Win7 MCP, Server 2012 Virtualization Specialist, MCSA 2012 Posts: 1,186Member ■■■■■■■□□□
    We have bitlocker across all our laptops in our domain but the helpdesk enables it manually with GPO's in place to take care of everything else.
Sign In or Register to comment.