Tip of the Day: What Could Cause Bitlocker to Start in Recovery Mode?

Today’s Tip… What Could Cause Bitlocker to Start in Recovery Mode? We see this question pop up frequently enough that I thought it would be beneficial to send this out. Changing any boot configuration boot entry data type settings with the exception of the following: Description RAMDiskImageOffset PassCount TestMix FailureCount TestToFail Note: When installing a…

1

Tip of the Day: BitLocker Pre-provisioning

Today’s tip… Unlike Windows Vista and Windows 7, Windows 8 has the ability to pre-provision the system volume during installation. To use BitLocker Pre-Provisioning, we have three options open to us, MDT 2012, SCCM 2012 SP1, or WinPE 4.0. In MDT 2012, we use the Enable Offline Task Sequence which uses ztibde.wsf file to encrypt…


Tip of the Day: BitLocker PIN/Password Change

Today’s tip… While it still requires administrative privileges to configure BitLocker, with Windows 8, standard users can now by default change their own PIN/Password.  It is recommended that this be used in conjunction with the ‘Configure use of passwords’ GPO setting to enforce length and complexity. One thing this means for enterprises is that they…


Tip of the Day: BitLocker ‘Encrypt Used Disk Space Only’

Today’s tip… Previously, BitLocker encryption has been an ‘all or nothing’.  Either a volume was completely encrypted or it was not.  Windows 8 brings us a new option, ‘Encrypt Used Disk Space Only’.  Just like it sounds, this option allows us to encrypt only the parts of the volume that are currently in use.  As…


Tip of the Day: Bitlocker on CSVs

Today’s tip… Bitlocker functionality is available on CSV2.0 (Cluster Shared Volumes).  However, it is a requirement to have at least one Windows 2012 Domain Controller in the environment. Windows Server 2012 and 2012 R2 both can take advantage of this.