Q: If I deploy the Microsoft BitLocker Administration and Monitoring client to a machine already encrypted with BitLocker, will it extract the recovery key stored in Active Directory and write to MBAM's SQL Server database?

AD and MBAM don't play well together, at least when it comes to extracting and storing recovery keys.

John Savill

September 25, 2011


A: Typically, when the Microsoft BitLocker Administration and Monitoring (MBAM) solution is deployed to clients, it enables user- or policy-initiated encryption of the local volumes using BitLocker and stores the recovery key in the MBAM SQL Server database for easy lookup by the user or the help desk.

If a machine is already BitLocker-encrypted before the MBAM client is installed, then when the MBAM client is installed, the recovery key is extracted from the machine’s local store and sent to the MBAM SQL Server database. It’s not possible for MBAM to perform a bulk extraction from AD and populate its SQL Server data store.

