BitLocker backup to AD

jkal25
I'm having trouble getting my clients to back up the BitLocker info to AD. I've followed the Configuration Guide (we're running Win2k3R2 domain controllers) as well as the Testing steps detailed in the guide. I'm successfully able to back up TPM information, but the FVE information isn't even attempted to be backed up to AD. I've checked the GPO, and checked the registry on the client as well, and HKLM\SOFTWARE\Policies\Microsoft\FVE\ActiveDirectoryBackup and RequireActiveDirectoryBackup are both set to 1.

It looks like those two GPO objects are being set, but not enforced. I think that because I don't have any 513 or 514 errors in the System Event Log (for FVE anyway - I see the 514 for the TPM backup), and I did a packet capture and don't see a conversation happening between the client and any of my DCs. Also, BitLocker successfully encrypts the volume, which I thought it shouldn't do until it successfully backed up the recovery information to AD, and it's not there (I used a regular LDAP browser as well as the add-on for AD Users & Computers and the FVE entries are nowhere to be found).

I was able to replicate this on two Win7 Enterprise x64 clients. I'm at a loss at this point as to where else to even look for hints of what's going on.

Thanks for any help.

- Joe
Resolved: BitLocker to AD

Seems like all I had to do was post and that got me in the right direction...

There are different GPO settings based on the OS. I set the Vista ones correctly, but not the Win7 ones, so I adjusted the settings in the GPO (have to set within Operating System Drives, Fixed Data Drives, and Removable Data Drives as well as in the BitLocker Drive Encryption folder).

They must look at different registry keys as well, as I checked those on the client before, but there must be multiple places.

Thanks.
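
A way to check on a client which of these policy values actually arrived, as an added example that is not part of the original posts. The function name is hypothetical, and the `OS*`, `FDV*` and `RDV*` value names are assumptions for the Windows 7 per-drive-type recovery policies; the thread names only the two Vista-era values.

```powershell
# Added example (not from the thread): report which BitLocker AD-backup policy
# values are present under the FVE policy key on this client.
function Get-FveAdBackupPolicy {   # hypothetical helper name
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) {
        Write-Warning "$fve not found: no BitLocker policy has been applied."
        return
    }
    $props = (Get-ItemProperty -Path $fve).PSObject.Properties

    # First group: the two values quoted in the thread (Vista-era policy).
    # Remaining groups: assumed value names written by the Windows 7
    # per-drive-type policies; the thread does not name them.
    $groups = @(
        @{ Scope = 'Vista / Server 2008'
           Names = 'ActiveDirectoryBackup', 'RequireActiveDirectoryBackup' },
        @{ Scope = 'Operating System Drives'
           Names = 'OSRecovery', 'OSActiveDirectoryBackup', 'OSRequireActiveDirectoryBackup' },
        @{ Scope = 'Fixed Data Drives'
           Names = 'FDVRecovery', 'FDVActiveDirectoryBackup', 'FDVRequireActiveDirectoryBackup' },
        @{ Scope = 'Removable Data Drives'
           Names = 'RDVRecovery', 'RDVActiveDirectoryBackup', 'RDVRequireActiveDirectoryBackup' }
    )

    foreach ($g in $groups) {
        foreach ($name in $g.Names) {
            $p = $props[$name]          # $null when the value is absent
            if ($p) { $state = "set to $($p.Value)" } else { $state = 'MISSING' }
            New-Object PSObject -Property @{
                Scope = $g.Scope
                Value = $name
                State = $state
            }
        }
    }
}

Get-FveAdBackupPolicy | Format-Table Scope, Value, State -AutoSize
```

A client in the state described in the first post would show the Vista group set to 1 and the three drive-type groups as MISSING.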