21. Configure Active Directory to Store BitLocker Recovery Keys

  • Published: 6 Sep 2024

Comments • 49

  • @fabriciomattos16
    @fabriciomattos16 2 months ago

    Didn't get this part of tutorial. Although I have the GPO configured and applied to the computer, do I have to manually enable BitLocker?

  • @HaiPhan-pw3pi
    @HaiPhan-pw3pi 1 year ago +1

    It worked, very helpful, thank you so much for sharing knowledge.

  • @chromamusic7501
    @chromamusic7501 1 year ago +1

    Great video, very instructional. Got an oddball question though, our current network has four separate domain controllers and they all work in parallel. Would installing these features on each domain controller one at a time cause any issues in regards to PCs becoming inaccessible? If we reboot one DC our full domain remains online, though what we're concerned about is if we enable BitLocker backups on one controller and it's out of sync with the others, think it may shut down? Or, is it fine if we install the BitLocker features on each domain controller one at a time? Thanks!

  • @romanmerkushev4360
    @romanmerkushev4360 11 months ago +1

    Thank you so much for your video!

  • @faizbhagett2241
    @faizbhagett2241 8 months ago

    I have got a message during encryption: Fehlermeldung: Die GPO-Einstellungen für BitLocker stehen in Konflikt
    The GPO settings for BitLocker are in conflict

  • @jeanca0426
    @jeanca0426 5 months ago

    If I want to use TPM, how will the additional authentication setup be?

  • @peteschaub7561
    @peteschaub7561 2 months ago

    Does anyone know how to increase the number of bad passwords before the BitLocker recovery process starts? It seems to be set to 5 by default but I can't figure out how to change it.

  • @renatomateus5262
    @renatomateus5262 4 years ago +3

    Is it possible to encrypt Windows 10 client disks by GPO without having to go to the user's machine? The video shows the key controller GPO, but does not show encrypting disks by AD without the need to activate BitLocker on the user's machine. Thank you very much, and I look forward to it.

    • @sunny90908
      @sunny90908 2 years ago

      You can push the manage-bde toolkit to install BitLocker remotely to the domain machine

  • @rocharox
    @rocharox 2 years ago +2

    Good video.

  • @deniscostacantor
    @deniscostacantor 2 years ago +1

    Thank you very much. Perfect video, very helpful!!!!

  • @faizbhagett2241
    @faizbhagett2241 8 months ago

    I have got only two options after encrypting C: save to file and print the recovery key. There is no option for a password.

  • @phutiish
    @phutiish 2 years ago

    I am unable to get the Next button even though I've followed all your steps. Another thing is I am prompted to save recovery keys in Azure AD and I want it to be on-premises AD. Please help

  • @thusithafernando8325
    @thusithafernando8325 3 years ago +1

    Thank you 😊

  • @shiyamsundar1740
    @shiyamsundar1740 4 years ago

    This is crystal clear...

  • @arcadeslum5882
    @arcadeslum5882 4 years ago

    I have a small and random case of AD losing BitLocker keys. Is there a way to protect the key from updating to blank or backup of my keys once they are stored or something?

  • @korcanyavuz1207
    @korcanyavuz1207 1 year ago

    It works.. Thank you!

  • @technoshare9047
    @technoshare9047 3 years ago

    How to lock PC when a user enters an incorrect password several times, that user simply gets locked out of his account.
    How do you when the user enters the wrong password then goes to BitLocker recovery mode?

  • @Deli0Man
    @Deli0Man 4 years ago

    I mean, what is now true? Should one not use MBAM to save Windows 10 clients' keys in AD?

  • @deejagers716
    @deejagers716 1 year ago

    OK, member server, but what about client computers? Windows 10

    • @MSFTWebCast
      @MSFTWebCast 1 year ago

      Same process for Windows 10 client machines as well.

  • @nikhilkal
    @nikhilkal 4 years ago

    The video is very helpful. I have one query and issue: the above steps are working properly, but what can we do for other drives as well? I have tested it for the D: drive, but in Active Directory only the C: drive key is backed up.

    • @abdulmowbinjadid
      @abdulmowbinjadid 1 year ago

      I am facing the same issue, did you find any solution?

  • @nashaatmena7687
    @nashaatmena7687 3 years ago

    thx for your valuable information video

  • @ahmedsaad-lk2og
    @ahmedsaad-lk2og 2 years ago

    thanks

  • @zachdouglas575
    @zachdouglas575 4 years ago

    Does the "Require BitLocker backup to AD DS" mean that BitLocker will automatically enable on computers in the OU? I've found that computers are automatically seeming to have BitLocker enabled for them. Thanks.

    • @MSFTWebCast
      @MSFTWebCast 4 years ago

      Yes, it will be applicable to all computers stored in the particular OU.

  • @sumitpandhare9625
    @sumitpandhare9625 4 years ago

    That will really so much helpful...😘😘

  • @imranawan9341
    @imranawan9341 4 years ago

    Nice video. Can you create a script or tell us how we can encrypt the OS hard drive... You have told us how to recover the BitLocker via AD
    Thanks for sharing that

  • @kiranmestry3328
    @kiranmestry3328 3 years ago

    Is it possible for the BitLocker key to change automatically, without resetting it manually from the client computer? If yes, can you please let me know the process, and can it be changed once it has been used?
    Please let us know if any process is available

    • @MSFTWebCast
      @MSFTWebCast 3 years ago

      I am not aware if we can change the key that way. Need to check. I am not sure yet but I don't think it is possible.

  • @Deli0Man
    @Deli0Man 4 years ago

    So if I understand you correctly, this information, that Windows 10 1607 and above is not storing the keys in AD although the setup has been done, is no longer accurate?!
    "For Windows 10 1607 and above:
    TPM Owner Password is not stored in the AD at all. Even though you can configure GPO on previous operating system (Windows 8/Windows Server 2012 R2) “Turn on TPM backup to Active Directory Domain Services” or registry keys directly on the client machine:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM\ActiveDirectoryBackup = 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM RequireActiveDirectoryBackup = 1
    Windows 10 1607 will ignore these values.
    Another thing which is worth to mention that GPO
    Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Turn on TPM backup to Active Directory Domain Services
    has been removed from ADMX templates in Windows 10 1607 and Windows Server 2016. Thus most of information provided in this article is for pre Windows 10 1607 editions."
    blogs.technet.microsoft.com/dubaisec/2017/02/28/tpm-owner-password/

    • @LiquidRetro
      @LiquidRetro 4 years ago

      So if running 1607 or higher, this video is really not worth doing then? There doesn't appear to be a fix or work around either?

  • @ciprianpopovici7532
    @ciprianpopovici7532 3 years ago

    Is it possible to automatically unlock the drive without entering a password at startup? Using the keys stored in the TPM chip?

  • @rajivanand8544
    @rajivanand8544 4 years ago

    Very Nice Video.. :)

  • @foreign-livingtheamericand8782
    @foreign-livingtheamericand8782 3 years ago

    Where are the keys stored in Active Directory? (pop)

    • @MSFTWebCast
      @MSFTWebCast 3 years ago

      Open Active Directory Users and Computers snap-in. --> Click the Computers container. --> Right-click on your target computer account and select Properties --> Go to the BitLocker Recovery tab. Here you can view all BitLocker recovery keys that were automatically backed up to AD.
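
Added example, not from the video or its author: the BitLocker Recovery tab described in the reply above shows the `msFVE-RecoveryInformation` child objects stored under the computer account, so the same check can be run for a whole OU with the ActiveDirectory PowerShell module. The OU path is a placeholder assumption, and the script reports only metadata (which machines and volumes have an escrowed entry), never the recovery passwords themselves.

```powershell
# Added example: audit which computers have BitLocker recovery
# information escrowed in AD DS, without reading the passwords.
# Assumes the RSAT ActiveDirectory module and read access to
# msFVE-RecoveryInformation objects. $SearchBase is a placeholder.
Import-Module ActiveDirectory

$SearchBase = 'OU=Workstations,DC=example,DC=com'   # placeholder, adjust

$report = foreach ($computer in Get-ADComputer -Filter * -SearchBase $SearchBase) {
    # Recovery entries are stored as child objects of the computer account.
    $query = @{
        SearchBase  = $computer.DistinguishedName
        SearchScope = 'OneLevel'
        Filter      = "objectClass -eq 'msFVE-RecoveryInformation'"
        Properties  = 'whenCreated', 'msFVE-VolumeGuid', 'msFVE-RecoveryGuid'
    }
    $entries = @(Get-ADObject @query)

    if ($entries.Count -eq 0) {
        # Nothing escrowed: this machine cannot be recovered from AD.
        [pscustomobject]@{
            Computer = $computer.Name; Escrowed = $false
            VolumeGuid = $null; ProtectorId = $null; Created = $null
        }
        continue
    }

    foreach ($entry in $entries) {
        # Both GUID attributes are stored as 16-byte octet strings.
        [pscustomobject]@{
            Computer    = $computer.Name
            Escrowed    = $true
            VolumeGuid  = [guid]::new([byte[]]$entry.'msFVE-VolumeGuid')
            ProtectorId = [guid]::new([byte[]]$entry.'msFVE-RecoveryGuid')
            Created     = $entry.whenCreated
        }
    }
}

# One row per escrowed protector; several volume GUIDs on one computer
# mean more than one drive (for example C: and D:) has a key in AD.
$report | Sort-Object Computer, Created | Format-Table -AutoSize

# Machines with no recovery information in AD at all.
$report | Where-Object { -not $_.Escrowed } | Select-Object -ExpandProperty Computer
```

Comparing `ProtectorId` with the numerical password ID shown by `manage-bde -protectors -get C:` on the client confirms that the entry in AD belongs to the protector currently on the drive.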

  • @brianvolpone2617
    @brianvolpone2617 4 years ago

    Will this also work if your DC is Server 2016?

  • @Akira29H
    @Akira29H 3 years ago

    How to configure BitLocker without use /prompt password recover key in boot systems

    • @drewharden3905
      @drewharden3905 3 years ago

      Don't enable the GPO "Requires additional authentication at startup". It's only doing this for the demo because he's using a VM. In the real world you'll be encrypting physical machines and they'll authenticate with TPM

  • @KavanMavati
    @KavanMavati 4 years ago

    Every time you reboot the machine it will ask for the recovery key! How do you fix that?

    • @bmx123pro
      @bmx123pro 4 years ago +2

      Skip the step at 3:42 which is require additional authentication at startup.

    • @TipooSultann
      @TipooSultann 4 years ago

      @bmx123pro Still asking for password at startup