Good enough. I'll take a look, but if you have more specifics, I'd appreciate it.
Kurt On Thu, Nov 30, 2017 at 5:20 PM, Steve Whitcher <[email protected]> wrote: > Yes, this can definitely be done, I've had our environment working this way > for years. There is a GPO you can set to require bitlocker keys be backed up > to AD. If that is set, bitlocker won't encrypt the drive if it can't save > the key to AD. > > It was a little bit complicated when I set it up originally, but that was 6 > or 7 years ago. The process may be simpler now. There was definitely a well > documented process on technet back then for enabling the key backup. > > Steve > On Thu, Nov 30, 2017 at 6:52 PM Kurt Buff <[email protected]> wrote: >> >> Anyone have a clue on how to do this - without setting up MBAM? >> >> AFAICT, there isn't a way to do this, but I'm throwing it out here to >> see if I'm wrong. MBAM sets my teeth on edge, needing a SQL instance >> and all that when all I want to do is provision new machines with >> Bitlocker and get the key set up in AD in one go, and not hassle with >> writing the key to a file, then running another (logon) script to get >> the key imported into AD. >> >> Kurt >> >> >
