Thu, Dec 7 2006 9:03 mika

Windows Vista BitLocker recovery keys and Active Directory schema extension

Although the ADPREP executable exists on the Vista DVD (\sources\adprep\adprep.exe) with accompanying LDF files (sch14.ldf - sch39.ldf), you should NOT use it to extend the schema of a Windows 2000/Server 2003/R2 Active Directory. These files are included for informational purposes only, to show what Longhorn Server will bring along when it arrives.

Windows Vista BitLocker recovery keys cannot be stored in Active Directory until the schema has been extended and the AD permissions have been modified. The information and tools to perform these preliminary tasks will become available some time in the near future - when it's ready, I guess ;) In the meantime, you could have a look at extending the schema for Vista wired and wireless group policy at http://www.microsoft.com/technet/network/wifi/vista_ad_ext.mspx.

# re: Windows Vista BitLocker recovery keys and Active Directory schema extension

Thursday, January 11, 2007 8:29 AM by Alun Jones

I couldn't find any public statement from Microsoft to this effect - can you find anything that says what schema extensions are appropriate to apply now, and which aren't? Surely this should be in a readme with the adprep.exe, but I don't find anything there, either - what am I missing?

# re: Windows Vista BitLocker recovery keys and Active Directory schema extension

Thursday, January 11, 2007 9:27 AM by mika

The Vista online help contains the section "How do I use Active Directory for backup of BitLocker Drive Encryption recovery information?". There is the following reference:

"For step-by-step instructions for configuring Active Directory and Group Policy to support the storage of recovery and owner information, see Guide to Using Active Directory Domain Services with BitLocker and TPM Services on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=67438)."

This document does not exist :( Unfortunately I don't have any further details. The extensions on the Vista RTM DVD do not work as such and a guide and some tools should become available some time in the near future. Sorry that I can't be of more help at this point in time :(
