Indiana University
University Information Technology Services

At IU, how can I escrow BitLocker recovery information in Active Directory?

The policy setting described here allows you to manage the Active Directory Domain Service (AD DS) backup of BitLocker Drive Encryption recovery information. For more information, see the Explain tab for the policy "Turn on BitLocker backup to Active Directory Domain Services" within gpedit.msc.

Prerequisites

  • You must have Windows 7 or Windows Vista Enterprise or Ultimate.

  • BitLocker must be turned off.

  • The computer must be joined to Indiana University's ADS domain.

  • You must have administrative credentials on the computer on which BitLocker is being configured.

Instructions

To escrow BitLocker recovery information in Active Directory:

Windows 7

  1. To open the Run dialog box, press Windows-r (the Windows key and the letter r).

  2. Type gpedit.msc and click OK.

  3. Expand Computer Configuration, expand Administrative Templates, and expand Windows Components. Click BitLocker Drive Encryption.

  4. Under Operating System Drives, select Choose how BitLocker-protected operating system drives can be recovered.

  5. Select Enabled and Save BitLocker recovery information to AD DS for operating system drives.

  6. Click Apply, and then OK.

  7. Under Fixed Data Drives, select Choose how BitLocker-protected fixed data can be recovered.

  8. Select Enabled and Save BitLocker recovery information to AD DS for fixed data drives.

  9. Click Apply, and then OK.

  10. Under Removable Data Drives, select Choose how BitLocker-protected removable drives can be recovered.

  11. Select Enabled and Save BitLocker recovery information to AD DS for removable data drives.

  12. Click Apply, and then OK.

Windows Vista

  1. To open the Run dialog box, press Windows-r (the Windows key and the letter r).

  2. Type gpedit.msc and click OK.

  3. Expand Computer Configuration, expand Administrative Templates, and expand Windows Components. Click BitLocker Drive Encryption.

  4. Double-click Turn on BitLocker backup to Active Directory Domain Services.

  5. Select Enabled.

  6. Select Require BitLocker backup to AD DS.

  7. Select Recovery Passwords and key packages.

  8. Click Apply, and then OK.

If your department leverages Active Directory to manage your Windows computers and you plan to enable BitLocker, UITS strongly encourages you to apply these settings via Group Policy.
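
To confirm the settings above are in effect before you turn BitLocker on, you can read the policy values back from the registry. The following PowerShell script is an added example, not part of the original UITS document; the registry path and value names are those used by Microsoft's BitLocker policy template and are not stated on this page.

```powershell
# Added example: report whether the BitLocker "save recovery information to
# AD DS" policies described above are set on this computer.
# Assumption: registry path and value names come from Microsoft's BitLocker
# policy template, not from this page. Run from an elevated prompt.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Each row: the gpedit.msc section and the values that must all equal 1.
$checks = @(
    @{ Scope = 'Windows 7: Operating System Drives'
       Values = 'OSRecovery', 'OSActiveDirectoryBackup' },
    @{ Scope = 'Windows 7: Fixed Data Drives'
       Values = 'FDVRecovery', 'FDVActiveDirectoryBackup' },
    @{ Scope = 'Windows 7: Removable Data Drives'
       Values = 'RDVRecovery', 'RDVActiveDirectoryBackup' },
    @{ Scope = 'Windows Vista: backup to AD DS (required)'
       Values = 'ActiveDirectoryBackup', 'RequireActiveDirectoryBackup' }
)

function Get-FvePolicyValue([string]$Name) {
    # Returns the value, or $null when the key or value does not exist.
    $p = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name } else { $null }
}

$report = foreach ($c in $checks) {
    $missing = @()
    foreach ($name in $c.Values) {
        $v = Get-FvePolicyValue $name
        if ($v -ne 1) {
            $shown = if ($null -eq $v) { 'not set' } else { $v }
            $missing += "$name=$shown"
        }
    }
    New-Object PSObject -Property @{
        Scope      = $c.Scope
        EscrowToAD = ($missing.Count -eq 0)
        Problem    = ($missing -join ', ')
    }
}

$report | Select-Object Scope, EscrowToAD, Problem | Format-Table -AutoSize
```

On Windows 7, the three Windows 7 rows should show `EscrowToAD` as `True`; on Windows Vista, only the Windows Vista row applies. A row that shows `False` lists the values that are missing or not set to 1.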

This is document avit in domain all.
Last modified on August 27, 2012.
