Backup BitLocker Recovery keys to AD for Existing Encrypted Drives using GPO | Backup BitLocker Key

  • Published: Sep 6, 2024

Comments • 45

  • @Kelvglobal
    @Kelvglobal  3 years ago

    Looking to elevate your IT skills to the next level? Check out this amazing course on Mastering IT Systems Administration & Azure Cloud Engineering by Udemy! www.udemy.com/course/mastering-it-systems-administration-azure-cloud-engineering/?referralCode=81DA57AB02F994FFEFA2

    • @user-xg1ep9bl4m
      @user-xg1ep9bl4m 4 months ago

      What happens if you re-image it? Does the PC SID change? How does that work?

  • @gabrielluizbh
    @gabrielluizbh 3 years ago +5

    Very good video. You just forgot one thing.
    At no point in the video did you demonstrate how you configured the GPO Require additional authentication at startup.
    How did you do this setup?

  • @user-wf5ck4pd3x
    @user-wf5ck4pd3x 11 months ago +2

    super helpful video! thanks for posting

    • @Kelvglobal
      @Kelvglobal  10 months ago +1

      Thanks bro for your feedback. Please don't forget to like and subscribe.

  • @naingyeaung6427
    @naingyeaung6427 3 years ago +2

    Hi Kelvin, I just want to make sure: how can we make the BitLocker option encrypt automatically without typing the password?
    Thanks

  • @abdalrahman6124
    @abdalrahman6124 3 years ago +2

    Thank you for the video, it was very informative.
    I have a problem: I can't save more than one recovery password in AD. For example, I can save the recovery password of the C drive, but I couldn't back up the recovery password for the E or D drive.
    Any idea?

    • @Kelvglobal
      @Kelvglobal  3 years ago +1

      Hi Abd, thanks for watching my video and for your comment.
      To back up the recovery password for an external drive to AD, you will need to perform the same configuration as you did for your C drive.
      Probably this link can help: docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-basic-deployment

  • @davidalade7220
    @davidalade7220 4 years ago

    Trust you are well and keeping safe and healthy.
    A question, please: what can be done in the case where an organization has 2 separate OUs for computers?
    Namely: 1. Default install 2. Created by the Admin
    Please note, I'm not thinking of moving the computers. I just want to be able to achieve the same goal of backing up all BitLocker keys to AD.

  • @christopherkurilla7458
    @christopherkurilla7458 3 years ago +1

    fantastic video, great walk through and explanation

    • @Kelvglobal
      @Kelvglobal  3 years ago

      Thanks Chris. Please don't forget to subscribe to my RUclips channel. I will appreciate it a lot.

  • @gauravaneja7595
    @gauravaneja7595 3 months ago +1

    From where can we get this script?

    • @Kelvglobal
      @Kelvglobal  3 months ago

      This is the script I used:
      $keyID = Get-BitLockerVolume -MountPoint c: | select -ExpandProperty keyprotector |
      where {$_.KeyProtectorType -eq 'RecoveryPassword'}
      Backup-BitLockerKeyProtector -MountPoint c: -KeyProtectorId $keyID.KeyProtectorId

  • @drewsanchez
    @drewsanchez 4 years ago +2

    Great video Kelvin! Question: do ALL your DCs in a particular site have to have the BitLocker Encryption installed in order to back up the keys on existing devices?

    • @Kelvglobal
      @Kelvglobal  4 years ago +1

      Thanks Andrew for your comment.
      I only installed the BitLocker encryption tools on my primary DC and not on the secondary DC, because I performed most tasks using my Windows 10 operating system. I installed the Remote Server Administration Tools (RSAT) on my W10 device to manage Active Directory. From my W10 device I can see the BitLocker Recovery tab in the computer properties when opened in AD.

  • @Chucho992
    @Chucho992 3 years ago +2

    If I enable this on laptops and people are not on the domain, will there be issues?

    • @Kelvglobal
      @Kelvglobal  3 years ago

      Hi, sorry for my late reaction. If you enable a GPO on a domain and the devices are not in the domain, the policy will not be applied to that domain. For a computer to receive that policy, it will need to be connected to the domain environment. And don't forget to add the devices to the right organizational unit.

  • @tristanjaybusto2101
    @tristanjaybusto2101 2 years ago +1

    Thanks for the video sir, it is very helpful. By the way, may I know what Windows Server version you are using? Because on our Windows 2016 server the BDE template has no Fixed Data Drives, Operating System Drives and Removable Data Drives folders.

    • @Kelvglobal
      @Kelvglobal  2 years ago

      Hi Tristan. I was using Windows Server 2019 for this training. If you are missing any template in Group Policy, you will need to download the ADMX templates for the Windows 10 operating system. As you may know, there are different templates for different versions of the Windows operating system. Always download the latest ADMX template.

  • @rohitdesai5135
    @rohitdesai5135 4 years ago +1

    Really Helpful !!! Great Job

    • @Kelvglobal
      @Kelvglobal  4 years ago

      Thanks Rohit for the comment. I really appreciate it.
      Please don't forget to subscribe to my RUclips channel.

  • @AL2Kmusic
    @AL2Kmusic 4 years ago +1

    Great video!
    It works!
    Do you have a video that explains how to automatically turn ON BitLocker and encrypt the C drive as an enterprise deployment?
    (I tried with PowerShell and a batch file script. No luck.)

    • @Kelvglobal
      @Kelvglobal  4 years ago

      Hi AlexM. Thanks for watching my video. I appreciate it.
      Great question you asked. I have tried this in my test lab as well without any luck. I still have it on my agenda to do some research about this possibility.
      Please don't forget to subscribe to my RUclips channel.

    • @princec4933
      @princec4933 3 years ago

      Hi Alex, I have a script to enable the C drive and store the recovery information to AD.

    • @jimmythefucker20
      @jimmythefucker20 1 year ago

      @princec4933 Hi man, can you share the script with me, please?

  • @ahrunvathana343
    @ahrunvathana343 2 years ago +1

    Does this script apply to all drives in the computer or just drive C? Since I notice that -MountPoint c: ... Correct me if I'm wrong.
    $keyID = Get-BitLockerVolume -MountPoint c: | select -ExpandProperty keyprotector |
    where {$_.KeyProtectorType -eq 'RecoveryPassword'}
    Backup-BitLockerKeyProtector -MountPoint c: -KeyProtectorId $keyID.KeyProtectorId

    • @Kelvglobal
      @Kelvglobal  2 years ago

      Hi Ahrun, this script will only be applied to the C drive and not other drives.

    • @ahrunvathana343
      @ahrunvathana343 2 years ago

      @Kelvglobal If I want to apply it to all drives, do you have any advice?

  • @pratikkumarnet
    @pratikkumarnet 4 years ago +1

    Thanks Kelvin.
    Actually I work for a company and I have got a task where I need to install the OS for more than 250 systems through WDS.
    Is there any video related to this?

    • @Kelvglobal
      @Kelvglobal  4 years ago

      Hi Pratik.
      You can check on the net for how to deploy operating systems using WDS.
      I have experience with WDS in the past but do not have much time to create a video for that. At this moment my company is using SCCM to deploy operating systems.

  • @Ben-kb2vs
    @Ben-kb2vs 3 years ago

    Here is a question that I cannot find an answer to. We currently have both of your scenarios working already. The problem we are running into is with computers that have multiple encrypted hard drives. If it is a new computer, the fixed drive options in GPO should suffice, but how can you pull in keys of already encrypted laptops that have both the C and D drives encrypted?

    • @itstuff1057
      @itstuff1057 10 months ago

      In addition to the GPO script, you could include an if/else statement to encrypt mountpoint D:, E:, etc. 2 years later, but I hope this helps.
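
Several questions in this thread (saving recovery passwords for D: or E: as well as C:, applying the script to all drives, and pulling keys from laptops with more than one encrypted drive) come down to the same loop. The following is an added example, not part of the thread and not the video author's script: it extends the posted C:-only script to every volume that has a recovery password protector. It assumes an elevated session on a domain-joined computer where the GPO from the video already allows storing recovery information in AD DS.

```powershell
#Requires -RunAsAdministrator
# Added example: back up every RecoveryPassword protector on every BitLocker
# volume to AD DS, instead of only the one on C:.
# Assumption: the computer is domain-joined and the BitLocker GPO that permits
# saving recovery information to AD DS has already been applied.

$results = foreach ($volume in Get-BitLockerVolume) {

    # A volume can carry several protectors (TPM, password, recovery password).
    # Only recovery password protectors are escrowed to AD DS.
    $protectors = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($protectors.Count -eq 0) {
        # Unencrypted volume, or encrypted without a recovery password.
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $null
            Status         = 'No recovery password protector'
        }
        continue
    }

    # Back up each protector separately: the posted script passes
    # $keyID.KeyProtectorId, which becomes an array when more than one exists.
    foreach ($protector in $protectors) {
        try {
            Backup-BitLockerKeyProtector -MountPoint $volume.MountPoint `
                -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop |
                Out-Null
            $status = 'Backed up to AD DS'
        }
        catch {
            $status = "Failed: $($_.Exception.Message)"
        }

        # Report the protector ID only; never log the recovery password itself.
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $protector.KeyProtectorId
            Status         = $status
        }
    }
}

$results | Format-Table -AutoSize
```

The report contains protector IDs only, not the 48-digit recovery passwords, so it can be written to a log without exposing key material.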

  • @phutiish
    @phutiish 2 years ago

    Hi Sir.
    I have followed all your steps. I am only getting a prompt to save the BitLocker recovery key in Azure AD instead of on-prem. What should I do to fix this?

    • @Kelvglobal
      @Kelvglobal  2 years ago

      Hi, are you working on a private computer or a company device? If this is a private computer, you should have the option to save the BitLocker recovery key to an external device. But if you are working on a company computer, probably your company has created a policy that allows the BitLocker key only to be saved in Azure AD.

  • @deejagers716
    @deejagers716 5 months ago

    I cannot write in that startup folder. No permission

  • @davidalade7220
    @davidalade7220 4 years ago +1

    Great Video :) Good job

    • @Kelvglobal
      @Kelvglobal  4 years ago

      Thanks David for the comment

  • @borisnz5490
    @borisnz5490 4 years ago +1

    Great video! thanks

    • @Kelvglobal
      @Kelvglobal  4 years ago

      Thanks Boris for the video.
      Please don't forget to subscribe to my RUclips channel.

  • @alideniz8509
    @alideniz8509 3 years ago +1

    Hi, is this article valid in 2008 server?

    • @Kelvglobal
      @Kelvglobal  3 years ago

      Hi Ali, I have not tried on a 2008 server. Why don't you upgrade to a more recent server?

  • @ahmedtaher4232
    @ahmedtaher4232 3 years ago +1

    Perfect

    • @Kelvglobal
      @Kelvglobal  3 years ago

      Thanks Ahmed. Please don't forget to subscribe to my RUclips channel.