I also can find the bitlocker recovery key on the windows 10 computer object in AD with the BitLocker Recovery Password Viewer, without extending the schemaġ) Do i still need to extend the schema for windows 10 1709? and if yes, Why?Ģ) How can i verify the schema is extended successfully?ģ) Do i need to manage TPM? We will not use the pre-boot PIN wit Bit locker. Ms-FVE-KeyPackage, ms-FVE-RecoveryGuid, ms-FVE-RecoveryInformation, ms-FVE-RecoveryPassword, ms-FVE-VolumeGuid Since windor 1703, TPM Owner Password is not stored in the AD.Īlso ran this PS command to verify if our AD schema has attributes that are required to store BitLocker recovery keys in Active Directory: Get-ADObject -SearchBase ((GET-ADRootDSE).SchemaNamingContext) -Filter I'm still a little confused about the need to extend the AD schema. I'm new to Bit locker and have read a lot of articles the past week about TPM and Bit locker. We have a W2K8R2 domain, and are in the process of imaging(SCCM) new notebooks(hp elitebook x360 g2 1030) with windows 10 1709.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |