Bitlocker

  • Question

  • Can I create a NAP policy to verify that BitLocker is enabled?
    Wednesday, April 29, 2009 1:28 PM

Answers

  • Hi,

    For the link that I provided, the answer is yes. Essentially, you need to have a SHA (client side) and SHV (server side) that can monitor (client) and validate (server) BitLocker. The BitLocker client service talks to the SHA, which in turn reports to the enforcement client that communicates with NPS for validation.

    There can be other SHAs written to perform this function, but I'm not aware of these yet. Others may know, and more might be written in the future.

    I know that Forefront does much more than just monitor BitLocker, so you're getting a lot more than you asked for here. I wish the WSHA monitored this, but it doesn't have this capability yet.

    -Greg
    Friday, May 1, 2009 1:44 AM

All replies

  • Hi,

    This is available if you use the Stirling SHA/SHV. See http://technet.microsoft.com/en-us/library/dd641598.aspx for more information.

    -Greg
    Wednesday, April 29, 2009 10:20 PM
  • Thank you for the link. In reading this, do I need to purchase and install Forefront clients and server to implement this?

    Dan

    Thursday, April 30, 2009 12:07 PM