Server 2008 r2 windows 10 bitlocker
i have used ldifde on article below extend our 2008 r2 schema mstpm-tpmownerinformationforcomputer object , gave the self object write permissions.
all succeeds , after installed bitlocker recovery password viewer ad.
1 windows 10 computer wrote it's key mstpm-tpmownerinformationforcomputer can see in adsiedit when go in aduc bitlocker recovery password viewer tab see ' no items in view '
can 2008 r2 bitlocker recovery password viewer not see mstpm-tpmownerinformationforcomputer attribute , value (and windows 7 mstpm-tpmownerinformation) ?
so got working , can confirm 2008 r2 bitlocker veiwer can view recovery password of windows 10 machines.
just extend 2008 r2 schema ldf mstpm-tpminformationforcomputer , set acl
then apply correct gpo
enable-bitlocker , recovery key get's put in ad , viewable
Windows Server > Directory Services
Comments
Post a Comment