How to Cleanup TPM information from AD for Windows 8 computers

For Windows 7 machines, the TPM Owner Password is stored in msTPM-OwnerInformation, which is an attribute of the Computer object in AD. So if you delete the computer object, the TPM Owner Password is also deleted. For Windows 8, TPM Owner Information is not stored directly under the Computer object. It is stored in a separate object which is linked…

How to Verify BitLocker Recovery Keys in SQL DB using MBAM

Customers using BitLocker Drive Encryption to protect a volume might be curious to know how to verify BitLocker recovery keys in the SQL database for MBAM. Consider this scenario: A volume is already BitLocker encrypted and recovery information is backed up in Active Directory. We install the MBAM client on a Windows 7 client machine and…

MBAM Setup Fails with SQL Error: Error obtaining a certificate protected by the master key

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “MBAM Setup fails with SQL TDE Error message”. Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface to BitLocker Drive Encryption™ (BDE). MBAM allows you to select BDE encryption policy options…

BitLocker on Mac Book running Windows 7 Enterprise Edition

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “BitLocker on Mac Book running Windows 7 Enterprise Edition”. On a machine which does not have a TPM chip, we can still enable BitLocker but we use a USB device as a startup…

BitLocker Drive Encryption and Active Directory

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “BitLocker Drive Encryption and Active Directory”. BitLocker Recovery Information (msFVE-RecoveryInformation) can be backed up in Active Directory by configuring a GPO for BitLocker. BitLocker Recovery Information is stored as a child object of the…

How to use Bitlocker Data Recovery Agent to unlock Bitlocker Protected Drives

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “How to use BitLocker Data Recovery Agent (DRA) to unlock BitLocker Protected Drives”. In Windows 7, we have the option to unlock devices using the BitLocker DRA if you have a PKI Infrastructure in…

How to use Hash of TPM from AD to reset your TPM password

Hello, my name is Manoj Sehgal. I am a Support Escalation Engineer in the Windows group and today’s blog will cover “How to use Hash of TPM from AD to reset your TPM password”. As per Best Practices for BitLocker, we configure a Group Policy for TPM to back up information in AD DS. Note: See…

Bitlocker Policies for Windows 7 on Windows Server 2003 or Windows Server 2008

Hello, my name is Manoj Sehgal. I am a Support Escalation Engineer in the Windows group and today’s blog will cover “How to get the BitLocker policies for Windows 7 on Windows Server 2003 as domain functional level”. If you open Group Policy Management Editor from a Windows Server 2008 Server you will only…

How to backup recovery information in AD after BitLocker is turned ON in Windows 7

Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “How to back up recovery information in Active Directory (AD) after BitLocker is turned ON in Windows 7 and above.” In this blog, I will try to answer a common question asked to us…

Access Denied Error 0x80070005 message when initializing TPM for Bitlocker

Hello, my name is Manoj Sehgal. I am a Senior Support Engineer in the Windows group and today’s blog will cover how to initialize TPM successfully when you enable BitLocker in Windows 7. A common problem we have seen since the release of Windows 7 has been to initialize TPM successfully so that you…