Bitlocker Policies for Windows 7 on Windows Server 2003 or Windows Server 2008

  • Article

Hello, my name is Manoj Sehgal. I am a Support Escalation Engineer in the Windows group and today’s blog will cover “How to get the bitlocker policies for windows 7 for on Windows Server 2003 as domain functional level”

If you open Group Policy Management Editor from a Windows Server 2008 Server you will only see policies for bitlocker for Windows Vista Only and not for Windows 7.

clip_image002

Microsoft included the bitlocker admx and adml files for Windows 7 in windows server 2008 R2.

Windows Server 2003 reads only adm files and not admx and adml files. So on Windows Server 2003, you cannot configure admx and adml files.

Resolution:

You will have to configure the bitlocker policies from Windows 7 Client machine.

1. First install RSAT tools for Windows 7 on a windows 7 client machine which is already join to your domain.

https://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en

2. Then open Group Policy Management Console and create a new policy for bitlocker.

3. Edit the bitlocker policy which will open group policy management editor.

4. Now you can see the Bitlocker Drive encryption Policies for Windows 7 Operating System.

NOTE: Windows 7 machine would need to be used to configure the bitlocker policies for Windows Vista and Windows 7 client machines.

clip_image004

5. Configure the bitlocker policies and now you can save recovery information in AD.

6. If you have Windows Server 2008 and you want to have Bitlocker policies for windows 7, then you need to copy the corresponding admx and adml file for bitlocker.

7. Go to c:\windows\policydefinition folder on Windows Server 2008 R2 machine and then copy the volumeencryption.admx file and corresponding volumeencryption.adml from c:\windows\policydefinition\en-US folder respectively.

8. Go to Windows Server 2008 and then Copy and Replace the existing volumeencryption.admx located at c:\windows\policydefinition folder and volumeencryption.adml located at c:\windows\policydefinition\en-US folder.

For more information on Group Policies for Bitlocker, see my blog below.
https://blogs.technet.com/askcore/archive/2010/02/16/cannot-save-recovery-information-for-Bitlocker-in-windows-7.aspx
Windows 7, Windows Server 2008 R2 and the Group Policy Central Store
https://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx

Manoj Sehgal
Support Escalation Engineer
Microsoft Enterprise Platforms Support