Now you gotta set some permissions so that the computers are allowed to save TPM ownership info to the directory. You also need to install the BitLocker Drive Encryption Administration Utilities on your domain controllers via Server Manager: Like I said, if you’re at least on 2008 they should be there. For me all the required object were present OOB. You need to check whether your AD schema contains the necessary objects, refer to the article Checking BitLocker and TPM Schema Objects. If your levels are fine, rest assured, it will be much more straightforward than most tutorials suggest it with pages and pages of instructions. If your level differs, it may still work, but according to older tutorials, if you’re below 2008 you’ll need to extend the schema and stuff, so in that case, search for another tutorial. your domain and forest functional level is Windows Server 2012 R2 (at least that’s where I performed all this).you want to backup the recovery keys and TPM info to Active Directory.you want to deploy BitLocker on your workstations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |