Q: Does the new Microsoft BitLocker Administration and Management tool require changes to Active Directory?

Using BitLocker doesn’t require schema changes to Active Directory.

John Savill

August 31, 2011

1 Min Read
ITPro Today logo

A: The Microsoft BitLocker Administration and Management (MBAM) tool is a new addition to the Microsoft Desktop Optimization Pack (MDOP), which is an enterprise solution for the management and reporting of BitLocker Drive Encryption within an organization.

MBAM itself doesn’t require any schema changes to Active Directory (AD), nor does it actually store information in AD. MBAM recovery keys and other BitLocker data are stored in a SQL Server database instead of as objects in AD.

Machines and users should still be part of an AD domain as MBAM uses Group Policy Objects for the client management of MBAM on BitLocker-enabled machines. See the article at the Microsoft website,  which includes hiding the default BitLocker control panel applet from end users.

Read more about:


About the Author(s)

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like