Category: Windows Server 2008

Backing up BitLocker recovery keys to Active Directory

Using BitLocker to encrypt your system partition is a very good option to keep the computer and the data on it secure. Starting with Vista SP1 you will be able to encrypt not only the system partition but all the other partitions as well, offering even better security. When you encrypt a partition with BitLocker a recovery key is automatically generated so that you can recover the data on the computer when necessary. By default you have the choice of printing the recovery key or saving it to a USB stick or a network share.

However, using a group policy setting (Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Turn on BitLocker backup to Active Directory) you can also back up the recovery key to Active Directory, which is a very good suggestion I must say. If you are running Windows Server 2008 you do not have to do anything to get this working, but if you would like to use Windows Server 2003 with SP1 or later to back up the BitLocker recovery key you must use scripts provided by Microsoft to extend the schema.

Microsoft also offers a tool called BitLocker Recovery Password Viewer, which can be downloaded directly from Microsoft Premier Services. When this tool is installed it introduces another tab in a computer object's Properties called “BitLocker Recovery”, where the BitLocker recovery keys are listed for your viewing pleasure in the case of necessary restoration. The only negative part about the tool is that it can only be installed on a Windows XP or Windows Server 2003 computer, as it requires that you have installed the “Windows Server 2003 Administration tools for SP1” on Windows XP to get the control panel for Active Directory Users and Computers.

UPDATE: I forgot to add the link to the page where you can find all the necessary information as well as the “extend schema”-script. Here it is!
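To confirm that the backup described above is actually happening, the following added example (not part of the original post and not a Microsoft script) first checks that the schema contains the recovery class and then lists computers with no recovery object stored under them. It assumes a domain-joined host and an account allowed to read `msFVE-RecoveryInformation` objects (without that right every computer shows zero keys); the function names are hypothetical.

```powershell
# Added example: read-only audit of BitLocker recovery backup in Active Directory.
# Assumes a domain-joined host and rights to read msFVE-RecoveryInformation objects.

function Test-BitLockerSchema {
    # True when the forest schema defines the recovery class (built in on
    # Windows Server 2008; present on 2003 only after the schema extension).
    $rootDse = [ADSI]'LDAP://RootDSE'
    $schema  = [ADSI]"LDAP://$($rootDse.schemaNamingContext)"
    $search  = New-Object System.DirectoryServices.DirectorySearcher($schema)
    $search.Filter = '(&(objectClass=classSchema)(lDAPDisplayName=msFVE-RecoveryInformation))'
    return ($null -ne $search.FindOne())
}

function Get-BitLockerBackupStatus {
    # Lists every computer object with the number of recovery objects stored
    # beneath it. Recovery passwords are never requested or displayed.
    $computers = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
    $computers.Filter   = '(objectCategory=computer)'
    $computers.PageSize = 500          # page through large domains
    [void]$computers.PropertiesToLoad.Add('name')

    foreach ($computer in $computers.FindAll()) {
        $keys = New-Object System.DirectoryServices.DirectorySearcher($computer.GetDirectoryEntry())
        $keys.Filter      = '(objectClass=msFVE-RecoveryInformation)'
        $keys.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
        [void]$keys.PropertiesToLoad.Add('whenCreated')

        $created = @($keys.FindAll() | ForEach-Object { $_.Properties['whencreated'][0] })
        New-Object PSObject -Property @{
            Computer     = [string]$computer.Properties['name'][0]
            RecoveryKeys = $created.Count
            LatestBackup = ($created | Sort-Object | Select-Object -Last 1)
        }
    }
}

if (-not (Test-BitLockerSchema)) {
    Write-Warning 'Schema has no msFVE-RecoveryInformation class; extend it before enabling the policy.'
} else {
    # Computers with no recovery object have not backed up a key
    # (not encrypted yet, or the backup policy has not applied to them).
    Get-BitLockerBackupStatus | Where-Object { $_.RecoveryKeys -eq 0 } |
        Sort-Object Computer | Select-Object Computer, RecoveryKeys
}
```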

Where are the “Solutions to install” in Vista?

The error reporting tool Problem reports and solutions in Windows Vista (and also in the upcoming Windows Server 2008) is a great improvement over the error reporting we saw in Windows XP. All application, system and driver crashes, as well as compatibility problems and missing driver information, are listed in this new control panel for error reports and are sent to Microsoft for analysis. Sometimes, much more frequently than in Windows XP, there are solutions available. The check for a solution is done instantly when a crash occurs in an application or a Windows component, but you can also check manually every now and then to see if there are any solutions to the problems you have experienced.

Today Windows Explorer crashed on me and it instantly pointed me to the solution, downloading and installing hotfix KB941648, which is the newly released update for compatibility, reliability and stability in Windows Vista. While there are direct links to the download location of the hotfix in the solution to this problem, I am still waiting for the first “solution to install” to show up in the Problem reports and solutions tool. Having the necessary updates sent to you would be a lot more convenient, and as the feature is already there I wonder why no one is using it. Microsoft for one should be using it! Have you had a “solution to install”?
