Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Bitlocker backup to AD

07 Dec 2009   #1

Windows 7 Enterprise
Bitlocker backup to AD

I'm having trouble getting my clients to backup the bitlocker info to AD. I've followed the Configuration Guide (we're running Win2k3R2 domain controllers) as well as the Testing steps detailed in the guide. I'm successfully able to backup TPM information, but the FVE information isn't even attempted to be backed up to AD. I've checked the GPO, and checked the registry on the client as well, and HKLM\SOFTWARE\Policies\Microsoft\FVE\ActiveDirectoryBackup and RequireActiveDirectoryBackup are both set to 1.

It looks like those two GPO objects are being set, but not enforced. I think that because I don't have any 513 or 514 errors in the System Event Log (for FVE anyway - I see the 514 for the TPM backup), and I did a packet capture and don't see a conversation happening between the client and any of my DC's. Also, Bitlocker successfully encrypts the volume, which I thought it shouldn't do until it successfully backed up the recovery information to AD, and it's not there (I used a regular LDAP browser as well as the add-on for AD Users & Computers and the FVE entries are nowhere to be found).

I was able to replicate this on two Win7 Enterprise x64 clients. I'm at a loss at this point at even where else to look for hints of what's going on.

Thanks for any help.

- Joe
My System SpecsSystem Spec
07 Dec 2009   #2

Windows 7 Enterprise
Resolved: BitLocker to AD

Seems like all I had to do was post and that got me in the right direction...

There are different GPO settings based on the OS. I set the Vista ones correctly, but not the Win7 ones, so I adjusted the settings in the GPO (have to set within Operating System Drives, Fixed Data Drives, and Removable Data Drives as well as in the BitLocker Drive Encryption folder).

They must look at different registry keys as well, as I checked those on the client before, but there must be multiple places.

My System SpecsSystem Spec
07 Dec 2009   #3

win 7

u may go to seach some info from msdn
My System SpecsSystem Spec


Thread Tools

Similar help and support threads
Thread Forum
How can I backup and recover BitLocker drive if using Acronis?
Hello windows seven, I was thinking for this... Local Disk C --> either bitlocker encrypted or unencrypted. Local Disk D --> bitlocker encrypted partition and a space for backup How can I backup and recover if using Acronis?
Backup and Restore
BitLocker USB Backup Stick
Iíve been using BitLocker for quite some time now without any problem on my windows 7 laptop using the USB flash drive. I also have the Recovery key in case of emergency. However, I canít help but think that if the USB was ever lost, damaged or became corrupted entering the recovery key would be...
System Security
BitLocker Drive Encryption - BitLocker To Go - Turn On or Off
How to Turn Windows 7 BitLocker To Go On or Off for Removable Drives BitLocker To Go is used to encrypt and password protect any removable external hard drives and USB flash drives. The drives must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must be at least...
How to backup bitlocker USB key?
About a year ago, I bought a Windows 7 (Ultimate? ) computer from a box store and I paid someone from the tech company to set it up. The tech person encrypted the drive with bitlocker and gave me a USB key and said never lose it or you will never be able to start your computer. Every time my...
System Security
BIOS flash error, BITLOCKER on? No bitlocker installed, Win 7 Pro
I tried using HP BIOS Flashing utility on my HP Z400 Workstation, and it says it can't continue because I have Bitlocker enabled, but I don't have bitlocker on Win 7 Professional 32bit. I don't see it on the control panel or in context menus. I do see it set to manual in "Services" but the service...
General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 18:55.
Twitter Facebook