MBAM bitlocker-protected removable drives recovery keys saved on sql database not active directory

Hi Guys
I need help in saving BitLocker-protected removable drives on the SQL database instead of Active Directory.
I have tried to play around with the policy and I am not winning. Currently my GPO "Choose how BitLocker-protected removable drives can be recovered" has only the "Allow data recovery agent" option chosen, and I have left all the AD DS options unticked.
Please point me in the right direction on how to achieve this. I want all my keys in a SQL database so the users can recover the keys themselves using the MBAM helpdesk website.

Under client management, define your endpoint URLs. You can see the help and the description section for that particular policy. Copy and paste the URL, removing the port number, and replace the name of the server with that of your MBAM Web server.
Also, disable or don't configure the policy "Choose how BitLocker-protected removable drives can be recovered".
This will save your recovery keys to the MBAM DBs.
Gaurav Ranjan

Similar Messages

  • Escrow the recovery key in DB server and not in AD when removable drive is encrypted.

    Is there any way to escrow the recovery key in the database server and not in AD when removable drive (USB drive) is encrypted via manage-bde command line? The data recovery agent is not enabled in our organization. 
    "Choose how bitlocker protected removable Drives can be recovered" for removable drives is disabled in our Group policy also.
    Please advise. Thank you.

    As far as I am concerned, you cannot do that when you are using the command line "Manage-bde".
    The reason is that the manage-bde command line parameters don't support saving recovery keys to databases. Also, there is no group policy defined for it.
    If you want an option to save recovery keys in a database rather than in AD, I would recommend using MBAM (Microsoft BitLocker Administration and Monitoring).
    Gaurav Ranjan

  • We have created two partitions in removable drive(USB). One of the partition is active and the other is hidden. We are trying to access the hidden partition in Win PE 3.0 environment using WMI

    We have created two partitions on a removable drive (USB). One of the partitions is active and the other is hidden. We are trying to access the hidden partition in the Win PE 3.0 environment using WMI. The VBScript code snippet used to detect the partitions is given below:

        Set objWMIService = GetObject("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
        Set colDisks = objWMIService.ExecQuery("Select * from Win32_LogicalDisk")

    It will return the partition which is active but fails to list the partition which is hidden. The same piece of code was supported on WinPE 2.0

    I am giving the complete code; maybe you are able to understand better. We are using Win32_LogicalDisk to retrieve the complete information of all the drives (like C:, D:) including removable drives.

        Function LocalDriveFound()
            strComputer = "."   ' value missing in the original post; "." (local computer) assumed
            Set objWMIService = GetObject("winmgmts:" _
                & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
            Set colDisks = objWMIService.ExecQuery("Select * from Win32_LogicalDisk")
            For Each DiskDrive In colDisks
                DriveLetter = Left(DiskDrive.Name, 1)
                DriveType = DiskDrive.DriveType
                VolumeName = DiskDrive.VolumeName
                WScript.Echo DriveLetter & "|" & DriveType & "|" & VolumeName
                Select Case DriveType
                    Case 2, 3   'Fixed or removable
                        If (VolumeName = USBVolumeName) Then
                            If (DriveLetter <> "Z") Then
                                ChangeDriveLetterWithMountvol DriveLetter, "Z"
                            End If
                            bIsLocal = True
                        End If
                        If (VolumeName = USBRootName) Then
                            If (DriveLetter <> "Y") Then
                                ChangeDriveLetterWithMountvol DriveLetter, "Y"
                            End If
                            bIsLocal = True
                        End If
                    Case Else
                End Select
            Next
            Set Drives = Nothing
            Set FileSystemObject = Nothing
        End Function

  • Bitlocker enabled drive, recovery key needed during boot, PCS did not match, event id 24635, source bitlocker-driver

    Hi
    After rebooting one of our test machines, bitlocker wanted the recovery key.
    There were no hardware modifications on that machine.
    Error message in event log:
    Bootmgr failed to obtain the bitlocker volume master key from the TPM because the PCRs did not match
    Event id 24635, source bitlocker-driver
     Each time the machine starts, the recovery key is needed.
    Any idea how to solve that issue and why it happens?
    update:
    Second partition was created manually on that machine. So that's clear that bitlocker reacts...
    But now: how can I confirm those changes so that the recovery key is not needed each time we boot?

    Hi,
    I would like to confirm if BitLocker accepts the recovery key?
    Please update the BIOS to improve the stability for TPM first.
    I also would like to suggest you disable and enable BitLocker again to reset the settings.
    For more information, please refer to the following link:
    http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx
    Regards,
    Arthur Li
    TechNet Subscriber Support

  • Bitlocker fails to store recovery key in AD

    I am deploying Windows 8.1 with Bitlocker with TPM and PIN and recovery keys stored in AD.
    This works fine for most deployments but rarely Manage-bde fails to store the Recovery key into AD. This only happened three times over about 200 deployments.
    I have checked the ZTIBDE.WSF script and I have noticed that the command is launched but there is no check on its return code. I am not even sure if Manage-bde actually returns any. Therefore for the failed deployments I don't know why the recovery key wasn't stored and also I didn't get any report that it actually failed. The only reason we realised that is because one user had problems in getting the PIN to work and required the Recovery Key. To our surprise this was not in AD! This is then when we checked all AD objects and found only three didn't have it. Looking at the deployment logs there are no errors for these.
    Luckily the user then successfully managed to enter the PIN and could boot up his laptop (and, by the way, we could get his recovery key from C:\). 
    Questions:
    1) Has anybody else experienced this?
    2) Does Manage-BDE return anything at all? It seems strange to me that ZTIBDE.WSF doesn't check for its return code as the script checks for errors in a million places.
    3) Is there any easy way I can check whether the AD info is actually stored? I was thinking to write some code to query AD for that computer and see if the BL info actually are there. Maybe Manage-BDE can provide that?
    Many thanks.

    Hi,
    This link has all the information you need. And more importantly which policies to create.
    I have managed to do this implementation myself, and can only state that it works like a charm.
    See a copy/paste of the bit-locker section I have configured in the customsettings.ini when doing deployments with MDT:
    [HP Elitepad 900]
    SkipTaskSequence=YES
    TaskSequenceID=OSD001
    ; Bitlocker Configuration
    BDEInstallSuppress=NO
    BDeWaitForEncryption=False
    BDEDriveLetter=S:
    BDEDriveSize=2000
    BDEInstall=TPM
    ; OSDBitLockerCreateRecoveryPassword=AD
    BDERecoveryKey=AD
    BDEKeyLocation=C:\Windows\BDEKey
    Hope this helps!
    If this post is helpful please click "Mark for answer", thanks! Kind regards
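
For the third question in this thread (checking whether the recovery information actually reached AD), the following is an added example, not code from the original posts or from MDT. It assumes the RSAT ActiveDirectory module and read access to the `msFVE-RecoveryInformation` objects that BitLocker creates as children of each computer object; the function names and the sample DNs are hypothetical.

```powershell
# Added example: list computers that have no BitLocker recovery object in AD.

function Get-ParentDn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the first RDN; the lookbehind skips commas escaped as "\," inside it.
    ($DistinguishedName -split '(?<!\\),', 2)[1]
}

function Find-MissingEscrow {
    # Pure comparison step, usable offline:
    # returns the computer DNs that have no recovery object beneath them.
    param(
        [string[]]$ComputerDn,
        [string[]]$RecoveryObjectDn
    )
    $escrowed = @{}   # hashtable literal keys are case-insensitive, like DNs
    foreach ($dn in $RecoveryObjectDn) {
        if ($dn) { $escrowed[(Get-ParentDn $dn)] = $true }
    }
    $ComputerDn | Where-Object { $_ -and -not $escrowed.ContainsKey($_) }
}

function Get-ComputersWithoutRecoveryKey {
    # Live query: $SearchBase is the OU that holds the deployed machines.
    param([Parameter(Mandatory)][string]$SearchBase)
    Import-Module ActiveDirectory
    $computers = Get-ADComputer -Filter * -SearchBase $SearchBase
    $recovery  = Get-ADObject -SearchBase $SearchBase `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"'
    Find-MissingEscrow -ComputerDn $computers.DistinguishedName `
                       -RecoveryObjectDn $recovery.DistinguishedName
}

# Constructed sample data (not from the page) to exercise the comparison
# without a domain controller: PC-001 has a recovery object, PC-002 does not.
$sampleComputers = @(
    'CN=PC-001,OU=Laptops,DC=example,DC=test',
    'CN=PC-002,OU=Laptops,DC=example,DC=test'
)
$sampleRecovery = @(
    'CN=2015-01-12T09:30:00-00:00{11111111-2222-3333-4444-555555555555},CN=PC-001,OU=Laptops,DC=example,DC=test'
)
Find-MissingEscrow -ComputerDn $sampleComputers -RecoveryObjectDn $sampleRecovery
```

Running `Get-ComputersWithoutRecoveryKey` against the deployment OU at the end of a task sequence, or on a schedule, surfaces machines like the three described above before a user needs the key.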

  • I can not access my hard disk protected by Bitlocker drive despite the right recovery key

    I had locked my 1 TB harddisk 1 year back with BitLocker Drive. I have been using its recovery key to unlock it since then. But since 3 days back, it has been displaying the message "Error recovering disk. The recovery key entered is not correct, try it again." And I am not able to access my important documents despite having the right key.
    Please help me. Thanks a lot in advance.

    One of the greatest feature of MBAM is single-sign of Recovery Key which means if a recovery key is used once, it will be automatically re-generated. So, first match the 8 digit starting of Recovery ID with its associated recovery key.
    Or re-request for the Recovery Key to your MBAM Administrator by providing him the starting 8 digit recovery ID. You can also get the recovery key again using the MBAM self-Service Portal.
    Gaurav Ranjan

  • Recovery key

    I've was a iTools user and a .mac and mobileme (yuk) user. I've had the same email for almost 15 years. Now I'm reading about a "recovery key" if you get locked out of your Apple account. I never had one. How do I get it? I'm worried.
    http://thenextweb.com/apple/2014/12/08/lost-apple-id-learnt-hard-way-careful-two-factor-authentication/
    I don't intend to ever use my iphone to handle my credit cards or bank cards. Too iffy at this point and if there's a problem the trail for fixing it is too long. Better to be conservative and use cards in my wallet like we have since I was born.

    If it is a BitLocker problem the URL is
    http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
    If it is not a BitLocker problem you will have to contact HP Technical for more assistance.

  • HT6170 lost password id apple and lost recovery key

    I lost password id apple and lost recovery key,how to reset my password

    Do you have another trusted device for two-step verification?
    See:  Frequently asked questions about two-step verification for Apple ID   
    http://support.apple.com/kb/HT5570
    What if I lose my Recovery Key?
    If you lose your Recovery Key, you can replace it any time:
    Go to My Apple ID.
    Select Manage your Apple ID and sign in with your password and trusted device.
    Select Password and Security.
    Under Recovery Key, select Replace Lost Key.
    When you create a new key, your old Recovery Key is no longer usable.
    and
    What if I forget my Apple ID password?
    You can reset it at My Apple ID using your Recovery Key and one of your trusted devices.
    Apple Support can't reset your password for you. To reset your password, you must have your Recovery Key and access to at least one of your trusted devices.
    if you have neither your AppleID password, nor your Recovery Key, nor a trusted device, not even Apple can help you to get access to your account.

  • TS4036 where does icloud store my mac osx recovery key?

    where does icloud store my mac osx recovery key for file vault?

    Note that you have to have specifically chosen to store the key with Apple at the time you created the FileVault encryption, and chosen security questions so that you can identify yourself when you come to retrieve it. If you did not store it with Apple in this way and do not have a record of it elsewhere then you cannot proceed. All this has nothing to do with iCloud and the process is not automatic.

  • Saving data in sql database

    I've seen same title subjects but apparently these topics have been deleted. Anyway,
    I have a database named "TestDB", under url www.mysql.com/TestDB. I did in it 2 fields, "ProjectNr", "ProjectName".
    Now, I have a Webdyn Pro app with two InputFields bound to Contexts "ProjectNr", "ProjectName" and a button "Save".
    What code do I need to write in the onActionSave() part to make data written into those two fields be saved in the sql database after pressing the Save button?

    Hi,
    Following is the code, please align that to your requirement

        // Needs java.sql.Connection, java.sql.DriverManager and java.sql.PreparedStatement imported
        try {
            Class.forName("com.sap.dbtech.jdbc.DriverSapDB");
            String url = "jdbc:sapdb://<HostID>/J2E?sqlmode=ORACLE";
            Connection con = DriverManager.getConnection(url, "UserID", "password");
            String projectID = wdContext.current<YourNode>Element().get<yourAttribute>();
            String projectName = wdContext.current<YourNode>Element().get<yourAttribute>();
            // Values are bound as parameters, not concatenated into the SQL text
            String sql = "insert into Project values (?,?)";
            PreparedStatement stmt = con.prepareStatement(sql);
            stmt.setString(1, projectID);
            stmt.setString(2, projectName);   // second placeholder (the post set index 1 twice)
            stmt.executeUpdate();             // run the insert
            stmt.close();
            con.close();
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

    Try to make use of JNDI for database connections. That's one of the best practices.
    http://java.sun.com/javase/technologies/database/
    Regards
    Ayyapparaj

  • Active Directory System Group discovery has been removed

    Hello,
    I noticed in SCCM 2012 Active Directory System Group discovery has been removed. Which discovery provides the information previously collected through this discovery?
    Thanks,
    Dom
    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Hi,
    Yes Active Directory System Group Discovery has been removed (not Active Directory System Discovery)
    It is written in http://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_DiscoveryMethods
    What's new in SCCM 2012
    and confirmed in
    http://blogs.technet.com/b/elie/archive/2012/05/10/system-center-2012-configuration-manager-part2-discovery-methods.aspx
    Thanks,
    DOm
    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  • BitLocker Drive Encryption Recovery Key

    I have a Dell Optiplex 7010 running Windows 7 Enterprise 64-bit. Intermittently when booting the computer the Windows BitLocker Drive Encryption Recovery Key Entry screen shows up. Most of the time I can power off the computer and then turn it back on and
    it loads Windows without that screen showing up. If powering it off and back on again doesn’t get me past the Windows BitLocker Drive Encryption Recovery Key screen, I will enter the recovery key.
    I have already reimaged the computer, replaced the hard drive, cleared Bitlocker Cache in the BIOS and have updated the BIOS to the latest version.
    Any ideas to keep the Windows BitLocker Drive Encryption Recovery Key Entry screen from showing up?

    Hi,
    I have already reimaged the computer, replaced the hard drive, cleared Bitlocker Cache in the BIOS and have updated the BIOS to the latest version.
    Did you mean you have re-installed the OS? Did you use another clean image rather than capturing the old OS?
    Did you encrypt the OS partition?
    Please use the command below to check the status:
    manage-bde -status
    If any volume is encrypted, use the command below to turn it off:
    manage-bde -off C:
    Karen Hu
    TechNet Community Support

  • Bitlocker requests recovery key every time

    I have a T440s. The motherboard died and was replaced by Lenovo. I had Bitlocker drive encryption enabled. Now, every time I reboot, I am required to enter the Bitlocker Recovery Key. I can't figure out how to fix this so I don't have to type it every time!
    I've tried, to no avail:
    1) In BitLocker Manager, I clicked on  "Suspend Protection" and then  "Resume Protection". When I reboot, I get prompted for recovery key again.
    2) In BitLocker Manager, I clicked on  "Suspend Protection", rebooted and wasn't asked for the Recovery Key. But, on subsequent reboots, I am asked for recovery key. I read that Protection is automatically enabled (after Suspend) on next boot.
    3) Ran this command at an elevated command prompt:
    Manage-bde -protectors -delete C: -type TPM
    and I get this error msg:
    Volume C: []
    Key Protectors of Type TPM
    ERROR: No key protectors found.
    I've googled quite a bit and can't figure out what else try, short of decrypting the drive and reencrypting it.
    Thank you!

    I have Win 8.1.  Yeah, I checked via tpm.msc and it looks like TPM is activated:
    Status: "The TPM is ready for use."
    And under TPM Manufacturer Info, it says Manf Name: TPM, Manf Version: 13.12, Specification Version: 1.2. 
    And in the Actions on right pane, "Prepare the TPM" is greyed out. And these actions are available: Turn TPM Off, Change Owner Password, Clear TPM, and Reset TPM Lockout.
    I've been wondering about turning TPM off and on. Would that screw things up?

  • Recovery key from MBAM for non TPM machines

    Hi,
    For a long time I have been trying to find an answer to the query below but have been unlucky. Can someone guide me on whether this is feasible or not?
    1. I have non-TPM machines and want to use BitLocker with MBAM.
    2. If I use a USB flash drive as the start-up key during machine start-up, can we get the recovery key from MBAM (self service or helpdesk portal) if I lose the USB flash drive?
    Shailendra Dev

    Hi,
    For Windows 7 computers TPM is a requirement; for Windows 8 / 8.1 it is not, so it depends on what client OS you want to manage.
    See the documentation:
    http://technet.microsoft.com/en-us/library/dn145046.aspx
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Bitlocker no recovery key, no access to computer.

    During some standard automatic updating, bitlocker became active ( I dont know how ).
    When I tried to log-on next time I was asked for the "Windows Bitlocker Drive Encryption Recovery Key", I don't have it.
    Is there a way to access the laptop. I can prove it is mine and have all the required No's for the machine and the windows-7 OS.

    Have a look at similar thread : https://social.technet.microsoft.com/Forums/en-US/594c3109-c800-4b3e-aac9-c93bccc38d4e/how-to-unlock-a-drive-protected-by-bitlocker-without-its-password-and-recovery-key-i-lost-my?forum=w7itprosecurity
    Arnav Sharma | http://arnavsharma.net/
