Near the end of the video at 21:08 I mentioned automating the process of clients sending the BitLocker Recovery Keys to the AD. After this video was published, I have also posted another tutorial on how to automate it using a logon PowerShell script at: kzbin.info/www/bejne/nWO9YXlsgNKNiKM If you do not know how to create a GPO for logon/logoff scripts, please refer to: kzbin.info/www/bejne/oGLLfoOQm95sl68
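The automation mentioned in the pinned comment above, sketched as an added example (this is not the script from the linked tutorial or the channel's own code). It assumes the script runs elevated on a domain-joined client, for example as a computer startup script, and that the GPO for storing BitLocker recovery information in AD DS is already applied; the function name `Backup-RecoveryKeysToAD` is hypothetical.

```powershell
# Added example: escrow every BitLocker recovery password protector to AD DS.
# Assumptions: elevated session, domain-joined client, AD DS backup GPO applied.
function Backup-RecoveryKeysToAD {
    $results = @()
    foreach ($vol in Get-BitLockerVolume) {
        # Only recovery-password protectors can be stored in AD DS.
        $protectors = $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

        if (-not $protectors) {
            # Encrypted volume with no recovery password: nothing to escrow.
            if ($vol.VolumeStatus -ne 'FullyDecrypted') {
                Write-Warning "$($vol.MountPoint) has no recovery password protector."
            }
            continue
        }

        foreach ($kp in $protectors) {
            $status = 'BackedUp'
            try {
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                    -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            }
            catch {
                # Typical causes: no domain controller reachable, GPO not applied.
                $status = "Failed: $($_.Exception.Message)"
            }
            # Record the protector ID only; never write the recovery
            # password itself to a log or to script output.
            $results += [pscustomobject]@{
                MountPoint     = $vol.MountPoint
                KeyProtectorId = $kp.KeyProtectorId
                Status         = $status
            }
        }
    }
    return $results
}

Backup-RecoveryKeysToAD | Format-Table -AutoSize
```

Any row whose `Status` starts with `Failed` marks a client whose key is not yet in AD and should be followed up before relying on AD for recovery.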
@cresrc9308 1 year ago
Thank you for the detailed walkthrough of this BitLocker process.
@NetITGeeks 1 year ago
Glad it was helpful!
@TheBoom132 1 year ago
This was fantastic... thank you.
@NetITGeeks 1 year ago
Thank you and you're very welcome!
@TheBoom132 1 year ago
@NetITGeeks I'm having a couple issues with the group policy applying to computers in an OU - can we communicate offline?
@NetITGeeks 1 year ago
Check your firewall settings. If you are using VMs, make sure all devices are on the same LAN Segment (same network) to make it easier for them to communicate with each other. You also need to make sure the GPOs are applied to the correct OU/section on the AD. You may use YT comments for communication or check my email posted on the channel About section. I am very busy with work these days. But I will do my best to help you out. :)
@quank32 4 months ago
Excellent video. I've been putting this off for years but I'm 100% confident that I can roll this out after watching your video.
@NetITGeeks 4 months ago
Thank you for the comment. :)
@way6869 1 year ago
Thank you for the video. I have client PCs that are not on the domain but have BitLocker turned on. How do I add them to the AD and enable BitLocker? Do I need to turn off BitLocker first then add to the AD? Or can I add them to the domain without turning off BitLocker?
@NetITGeeks 1 year ago
Thank you for the question... Yes, you should be able to add a client to a domain without turning off the BitLocker on the client. I have posted a tutorial on how to join a domain here: kzbin.info/www/bejne/o4ene6hmgJuHjpY That video explains how we connect a client to an AD DS. Once the device is on the AD DS you can then use the above tutorial to set the AD to store the BitLocker keys. If for some reason the device refuses to connect to AD (domain), you can try temporarily disabling the BitLocker, connecting the device to the domain and then reenabling it later.
@peteschaub7561 6 months ago
Fantastic video sir! Have you ever figured out how to increase the number of bad password attempts before the Bitlocker recovery process starts? It seems to be 5 bad attempts by default, just because that's what I'm seeing in my environment. But I cannot find how to increase that to a different number.
@michaelpierre9738 4 months ago
Excellent video, thanks
@NetITGeeks 4 months ago
You're welcome!
@christophergabriel6940 1 year ago
Great content. What happens to those using Windows server 2012 R2 and some of the systems don't have TPM?
@NetITGeeks 1 year ago
Without the TPM chipset, the BitLocker will be ineffective. This is why I think Microsoft decided not to support BitLocker functions without the chipset.
@adamixa5801 1 year ago
Hi, thanks for the guide. Our requirement is 256 AES encryption. How can we achieve that setting in GPO?
@NetITGeeks 1 year ago
I believe encryption services is a separate one that has to be installed on your Windows Server. I have not covered this topic/area as of now. There are multiple ways to enforce encryption on BitLocker keys. But I cannot comment on it at this time as I would have to look into this further. Thank you.
@techboooze 1 year ago
How can you enable BitLocker in the background? As an IT admin, we cannot log in to 1000s of systems, right?
@NetITGeeks 1 year ago
This is typically done via MDT during the deployment or cloud-based deployment of the laptops and desktops. BitLocker will be configured from the very beginning. At this time, I don't think Microsoft has a tool to enable BitLocker remotely for thousands of devices at once unless they are being deployed for the first time (using WDS, MDT, Azure, etc.).