Q: If I deploy the Microsoft BitLocker Administration and Monitoring client to a machine already encrypted with BitLocker, will it extract the recovery key stored in Active Directory and write it to MBAM's SQL Server database?
AD and MBAM don't play well together, at least when it comes to extracting and storing recovery keys.
September 25, 2011
A: Typically, when the Microsoft BitLocker Administration and Monitoring (MBAM) solution is deployed to clients, it enables user- or policy-initiated encryption of the local volumes using BitLocker and stores the recovery key in the MBAM SQL Server database for easy lookup by the user or the Help desk.
If a machine is already BitLocker-encrypted before the MBAM client is installed, installing the client extracts the recovery key from the machine’s local store and sends it to the MBAM SQL Server database. It’s not possible for MBAM to perform a bulk extraction from AD and populate its SQL Server data store.
To read more FAQs, go to John Savill's Windows IT Pro FAQs page.