a-roncadin
Guest
I'm testing BitLocker Drive Encryption on a remote device.
It is domain joined, but can only connect to our network via VPN. I am enabling BitLocker with an SCCM Task Sequence (Pre-cached).
I have the GPO setting applied to the system (as per gpresults -h) that states "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds."
The task sequence involves multiple reboots to change some other settings, and the very last step is to Enable BitLocker... this means that obviously the VPN connection has been severed.
Yet when I log in, I see that BitLocker was allowed to Enable for some reason WITHOUT a connection to the network. How is this possible???
The screenshot below shows me running "Manage-bde -protectors -adbackup c: -id {xxxx-xxx-xx...}" and it still shows "Successful" when I have zero connectivity to our AD.