Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Bitlocker backup to AD

07 Dec 2009   #1

Windows 7 Enterprise
Bitlocker backup to AD

I'm having trouble getting my clients to backup the bitlocker info to AD. I've followed the Configuration Guide (we're running Win2k3R2 domain controllers) as well as the Testing steps detailed in the guide. I'm successfully able to backup TPM information, but the FVE information isn't even attempted to be backed up to AD. I've checked the GPO, and checked the registry on the client as well, and HKLM\SOFTWARE\Policies\Microsoft\FVE\ActiveDirectoryBackup and RequireActiveDirectoryBackup are both set to 1.

It looks like those two GPO objects are being set, but not enforced. I think that because I don't have any 513 or 514 errors in the System Event Log (for FVE anyway - I see the 514 for the TPM backup), and I did a packet capture and don't see a conversation happening between the client and any of my DC's. Also, Bitlocker successfully encrypts the volume, which I thought it shouldn't do until it successfully backed up the recovery information to AD, and it's not there (I used a regular LDAP browser as well as the add-on for AD Users & Computers and the FVE entries are nowhere to be found).

I was able to replicate this on two Win7 Enterprise x64 clients. I'm at a loss at this point at even where else to look for hints of what's going on.

Thanks for any help.

- Joe

My System SpecsSystem Spec
07 Dec 2009   #2

Windows 7 Enterprise
Resolved: BitLocker to AD

Seems like all I had to do was post and that got me in the right direction...

There are different GPO settings based on the OS. I set the Vista ones correctly, but not the Win7 ones, so I adjusted the settings in the GPO (have to set within Operating System Drives, Fixed Data Drives, and Removable Data Drives as well as in the BitLocker Drive Encryption folder).

They must look at different registry keys as well, as I checked those on the client before, but there must be multiple places.

My System SpecsSystem Spec
07 Dec 2009   #3

win 7

u may go to seach some info from msdn
My System SpecsSystem Spec


 Bitlocker backup to AD

Thread Tools

Similar help and support threads
Thread Forum
BitLocker Drive Encryption - BitLocker To Go - Turn On or Off
How to Turn Windows 7 BitLocker To Go On or Off for Removable Drives BitLocker To Go is used to encrypt and password protect any removable external hard drives and USB flash drives. The drives must be formatted using either the exFAT, FAT16, FAT32, or NTFS file system and must be at least...
How to backup bitlocker USB key?
About a year ago, I bought a Windows 7 (Ultimate? ) computer from a box store and I paid someone from the tech company to set it up. The tech person encrypted the drive with bitlocker and gave me a USB key and said never lose it or you will never be able to start your computer. Every time my...
System Security
BIOS flash error, BITLOCKER on? No bitlocker installed, Win 7 Pro
I tried using HP BIOS Flashing utility on my HP Z400 Workstation, and it says it can't continue because I have Bitlocker enabled, but I don't have bitlocker on Win 7 Professional 32bit. I don't see it on the control panel or in context menus. I do see it set to manual in "Services" but the service...
General Discussion
Bitlocker: BitLocker could not be enabled
I am trying to enable BitLocker on a Windows 7 Ultimate x32 system with TPM. I follow the Wizard and when asked to encrypt the drive I select 'Run BitLocker system check' and 'Continue' (see attached sreenshot). The USB is inserted and contains the recovery key (.txt and .tpm). During reboot I...
System Security
Can not use BitLocker - why?
I have a big problem to set up BitLocker for my PC and also BitLocker to go either. I have totally 4 HDD in my system and 2 external + USB Stick. I already have activated BitLocker without TPM, thanks to the Tutorial here. If open computer and see all my hard drives I can only set up my Drive...
System Security
Hey, I'm trying to use BitLocker Drive Encryption, and I don't have a TPM, and I need to use the BitLocker Preperation tool... but it doesn't work on Windows 7, it finds I don't have 'Vista Ultimate' or 'Vista Enterprise' and says it doestn apply to me, is there any way to get around this, or...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:25.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App