none
windows 2016 AD域控如何备份windows 10 Bitlocker恢复信息? RRS feed

  • 问题

  • windows 2016 AD域控如何备份windows 10 Bitlocker恢复信息?

    我在域控中添加新OU,将计算机放入此OU并设置了组策略

    并设置了OU的委派,允许读取该OU中计算机的TPM信息。

    但目前依旧无法备份Bitlocker信息到AD中?

    2018年12月3日 9:34

全部回复

  • Hi,

    If the bitlocker was enabled before joining the domain, please refer to this article:

    https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain

    If not, please refer to this article:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-7/dd875529(v=ws.10)

    Hope the information above can be helpful.

    Best regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    2018年12月4日 7:55
    版主
  • Thank you for your reply

    I have seen the backup policy in AD DS group policy, but it's invalid after implementation.The policy description says only for 2008 and vista?

    Can Windows 10 support group policy backup?

    Only MBAM can be built to manage Windows 10 Bitlocker?

    2018年12月5日 2:49
  • Hi,

    Sorry for my carelessness.

    Can Windows 10 support group policy backup?

    As for windows 10, we can navigate to local group policy editor->computer configuration->administrative templates->windows components->bitlocker drive encryption->operating system drives->choose how bitlocker-protected operating system drives can be recovered, enable this policy with save bitlocker recovery information to AD DS for operating system drives selected.

    Then, please check if there is \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE in registry.

    After that, assuming the bitlocker was enabled, please run manage-bde -protectors -adbackup C: if it doesn’t work.

    Only MBAM can be built to manage Windows 10 Bitlocker?

    Based on my knowledge, MBAM can manage windows 10 bitlocker but it is not a built-in one.

    Please help correct me if anything is misunderstood.

    Best regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    2018年12月5日 8:14
    版主
  • Thank you for your reply
    I enabled the group policy, and then I did PC encryption,

    I checked the registry and confirmed that there was a FVE,

    But in the input "manage - bde - protectors - adbackup C:" when the tip:

    Error: you need to specify the parameter "-d" to back up recovery information

    I used the /? and did't find any useful information

    What does "-d" mean? SID? Domain name? 

    2018年12月6日 1:34
  •  "manage - bde - protectors - adbackup C:"

    Hi,

    I am afraid there is something wrong with the parameter you type.

    As for how to correctly use this command line, please refer to the following blog:

    https://blogs.technet.microsoft.com/askcore/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7/

    Best regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2018年12月6日 2:40
    版主
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2018年12月12日 8:18
    版主
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2018年12月14日 9:16
    版主
  • Thank you for your reply

    I am very sorry that I was busy with other projects recently and could not reply in time.

    Currently, the test is normal and relevant encryption backup functions can be performed.

    Thank you for your support.

    2018年12月26日 7:15
  • Hi,

    I am glad to hear that your issue was successfully resolved.

    If the information provided was helpful, please "mark it as answer" to help other community members find the helpful reply quickly.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Lavilian


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2018年12月26日 9:16
    版主