Bitlocker Error Encrypting USB device when not on network/domain

Question

Wednesday, September 12, 2018 7:45 PM

Our Bitlocker USB device GPO settings are configured as follows:

Allow data recovery agent - Enabled
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizard - Disabled
Save BitLocker recovery information to AD DS for removable data drives - Enabled
Configure storage of BitLocker recovery information to AD DS: - Backup recovery passwords and key packages

Do not enable BitLocker until recovery information is stored to AD DS for removable data drives - Disabled

This allowed users to encrypt their devices when they weren't on the domain. Recently we started receiving reports that users can't encrypt their devices when they aren't on the domain/network. When encryption of the device starts, it fails with the following error code: 0x80072ee7

All replies (8)

Thursday, September 13, 2018 12:02 PM

Hi,
Please check if there are any error messages in the System and Application event logs. If so, upload them to your OneDrive and share the link with us.
Also, you can switch to another network environment to test.

Regards,

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Saturday, September 15, 2018 12:54 PM

What about this GPO checkbox: Do not enable BitLocker until recovery information is stored in AD DS for removable drives

Is that set?


Friday, September 28, 2018 12:48 PM

Hi,
Please check if there are any error messages in the System and Application event logs. If so, upload them to your OneDrive and share the link with us.
Also, you can switch to another network environment to test.

Regards,


Hello David, thanks for your response. Would the following screenshots suffice?


Friday, September 28, 2018 12:49 PM

Hello Ronald, thank you for your response. No, it is currently disabled.
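
Added example, not part of the original thread: a PowerShell check of the removable-drive recovery policy that is actually in effect on the client, alongside a decode of the reported error code and a domain controller reachability test. The registry value names are the ones the BitLocker removable-drive recovery GPO writes under the FVE policy key; the use of nltest for the reachability test is an assumption of this example.

```powershell
# Added example: run in an elevated PowerShell session on the affected client.
$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Registry value name -> GPO option as worded in the question.
$names = [ordered]@{
    RDVRecovery                     = 'Recovery policy for removable drives configured'
    RDVManageDRA                    = 'Allow data recovery agent'
    RDVRecoveryPassword             = 'Allow 48-digit recovery password'
    RDVRecoveryKey                  = 'Allow 256-bit recovery key'
    RDVHideRecoveryPage             = 'Omit recovery options from the BitLocker setup wizard'
    RDVActiveDirectoryBackup        = 'Save BitLocker recovery information to AD DS'
    RDVActiveDirectoryInfoToStore   = 'Configure storage of recovery information to AD DS'
    RDVRequireActiveDirectoryBackup = 'Do not enable BitLocker until recovery information is stored to AD DS'
}

# Print the raw values the client has applied (for the checkbox options, 1 = ticked).
$policy = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue
foreach ($n in $names.Keys) {
    $v = if ($policy -and $null -ne $policy.$n) { $policy.$n } else { '(not set)' }
    '{0,-32} {1,-10} {2}' -f $n, $v, $names[$n]
}

# Decode the HRESULT from the question: facility 7 is Win32, and code 12007 is
# the WinINet/WinHTTP "server name could not be resolved" error.
$hr       = 0x80072ee7
$facility = ($hr -shr 16) -band 0x1FFF
$code     = $hr -band 0xFFFF
"HRESULT 0x{0:X8}: facility {1}, code {2}" -f $hr, $facility, $code

# Ask the locator for a domain controller; a non-zero exit code means none was found.
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$null = & nltest.exe "/dsgetdc:$domain" 2>&1
$dcReachable = ($LASTEXITCODE -eq 0)
"Domain controller reachable for ${domain}: $dcReachable"

# With the "require AD DS backup" option in effect, BitLocker will not turn on
# for a removable drive unless the backup to AD DS succeeds.
if ($policy -and $policy.RDVRequireActiveDirectoryBackup -eq 1 -and -not $dcReachable) {
    'Effective policy requires AD DS backup, but no domain controller is reachable.'
}
```

If the values printed here differ from what the GPO editor shows, the output of gpresult /h run on the same client identifies which GPO supplied them.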


Friday, September 28, 2018 2:40 PM

No clue. Did you go through the Google results?


Friday, September 28, 2018 2:50 PM

On the machine, using PowerShell, did you try the following listed below (Commands may need to be adjusted for your environment)… Did that help?

Enable-BitLocker -MountPoint "E:" -EncryptionMethod Aes256 -RecoveryPasswordProtector

manage-bde -protectors -get E:

Copy the Numerical Password

manage-bde -protectors -adbackup E: -id <Numerical Password>


Friday, September 28, 2018 8:18 PM

No clue. Did you go through the Google results?

Yup, I did. The absence of relevant results led me to write this post. Thanks for the help.


Friday, September 28, 2018 8:19 PM

On the machine, using PowerShell, did you try the following listed below (Commands may need to be adjusted for your environment)… Did that help?

Enable-BitLocker -MountPoint "E:" -EncryptionMethod Aes256 -RecoveryPasswordProtector

manage-bde -protectors -get E:

Copy the Numerical Password

manage-bde -protectors -adbackup E: -id <Numerical Password>

I haven't, but I'll give it a try. Thanks.