So, just how do we solve this issue? There are numerous ways we could look at this from a process perspective, but I want to reduce the amount of human error and interaction wherever possible. There may be other instances in which MBAM is unable to escrow keys however the above were the ones I saw most.
Helpdesk or end user manually encrypts drives with BitLocker but MBAM doesn’t get installed. MBAM cycles a new key but escrow back to the server fails. Here are a couple of scenarios I’ve seen which has caused us issues in recovering drives: However, I’ve seen a few issues during implementation that prompted me to take a closer look at managing our overall BitLocker environment, outside of just what MBAM provides. MBAM already handles key escrow, enforcement, key recovery and reporting for the BitLocker environment and does a very good job at it. Why would I use a Data Recovery Agent when I have BitLocker In our case we will be discussing a BitLocker DRA. Data Recovery Agents – What are they?Ī Data Recovery Agent, or DRA, is an account typically based on a Smart Card or Certificate which can be used for Encrypting and Decrypting a file or folder (EFS) or an entire drive (BitLocker). 
In this post, I’ll be discussing a lesser known method of securing your BitLocker encrypted drives with Data Recovery Agents (DRA). It makes enforcement, reporting and key recovery for systems fairly simple once the pre-requisites have been met (i.e. I’ve been using the Microsoft BitLocker Administration and Monitoring (MBAM) software from the Microsoft Desktop Optimization Pack (MDOP) for the past couple of years and I love it.
0 kommentar(er)
