Unsolved BitLocker central management?
-
I inherited a network where a few of the workstations are BitLockered. I searched the server and can't seem to find central management. The server is running Server 2008 Standard. I can't even find a group policy related to BitLocker. What should I be looking for to see if it's centrally managed? If they aren't centrally managed, is there something I can load on Server Essentials 2016 to manage them? I looked at MBAM, but it doesn't look like it will run on Server Essentials.
-
If MBAM doesn't exist and there is no Group Policy, I doubt it would be centrally administered. You can also right-click on the root domain in ADUC; if it is backing up keys to AD, then there should be a Find BitLocker Recovery Password option available.
-
@coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?
-
@Mike-Davis said in BitLocker central management?:
@coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?
I thought GPO offered this capability (likely with MBAM). Which, if the systems are individually encrypted, you'd have to redo all of this with MBAM anyways...
-
@Mike-Davis said in BitLocker central management?:
@coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?
Not unless there is a third party software managing it. Just as a forewarning, MBAM kind of sucks.
-
@DustinB3403 said in BitLocker central management?:
@Mike-Davis said in BitLocker central management?:
@coliver Thanks. Nothing in AD. Is there anything else that can be used instead of MBAM to manage the keys?
I thought GPO offered this capability (likely with MBAM). Which, if the systems are individually encrypted, you'd have to redo all of this with MBAM anyways...
MBAM does this in a package, but you can configure group policies to back up keys directly to Active Directory with a schema extension.
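-
Added example, not part of any post in this thread: a read-only PowerShell check for the two signs mentioned above, the AD schema extension and recovery keys already stored under computer objects. The function names are hypothetical, and it assumes a domain-joined machine and an account allowed to read the recovery objects (for example a domain admin).

```powershell
# Added example (not from the thread). Read-only LDAP queries via ADSI,
# so no RSAT ActiveDirectory module is required.

function Test-BitLockerSchema {
    # True when the AD schema defines the BitLocker recovery object class.
    $root   = [ADSI]'LDAP://RootDSE'
    $schema = [ADSI]("LDAP://" + $root.schemaNamingContext)
    $search = New-Object System.DirectoryServices.DirectorySearcher($schema)
    $search.Filter = '(lDAPDisplayName=msFVE-RecoveryInformation)'
    return [bool]$search.FindOne()
}

function Get-BitLockerEscrowedComputer {
    # One row per recovery object found in the current domain.
    $search = New-Object System.DirectoryServices.DirectorySearcher
    $search.Filter   = '(objectClass=msFVE-RecoveryInformation)'
    $search.PageSize = 500   # page through large result sets
    [void]$search.PropertiesToLoad.Add('distinguishedName')
    [void]$search.PropertiesToLoad.Add('whenCreated')

    foreach ($result in $search.FindAll()) {
        $dn = [string]$result.Properties['distinguishedname'][0]
        # Recovery objects are children of the computer object,
        # so dropping the first RDN leaves the computer's DN.
        [pscustomobject]@{
            Computer = ($dn -split ',', 2)[1]
            Created  = $result.Properties['whencreated'][0]
        }
    }
}

"Schema has BitLocker classes: $(Test-BitLockerSchema)"
$escrowed = @(Get-BitLockerEscrowedComputer)
if ($escrowed.Count -eq 0) {
    'No recovery objects found: keys are not being backed up to AD.'
} else {
    $escrowed | Sort-Object Computer, Created | Format-Table -AutoSize
}
```

On an individual workstation, `manage-bde -protectors -get C:` from an elevated prompt lists the key protectors on that volume.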
-
@coliver Agreed, this is what I have been noticing more and more. Some places have, like, a USB key; others just have the keys backed up with AD DS, but MBAM is not supported in your scenario. You probably need an additional system to centralize BitLocker encryption.
-
The real solution is just don't do BitLocker... Use file-level encryption or something similar. I just don't see much utility for BitLocker outside of personal devices.