This article describes how to use the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool. The BitLocker Drive Encryption feature is a data protection feature that is included with the following versions of Windows Vista:
- Windows Vista Ultimate
- Windows Vista Enterprise
You can use this tool to help locate BitLocker Drive Encryption recovery passwords for Windows Vista-based computers in Active Directory Domain Services (AD DS). The Active Directory Users and Computers Microsoft Management Console (MMC) snap-in must be installed via the Remote Server Administrator Tools (RSAT).
BitLocker To Go Reader (bitlockertogo.exe) is an application that enables you to access BitLocker-protected drives. When you use BitLocker To Go Reader in Windows Vista and in Windows XP, you can open and view the content of BitLocker-protected drives that are encrypted in Windows 7. By default, BitLocker To Go Reader is stored on an unencrypted part of removable drives that are protected with BitLocker.
When you use Microsoft Deployment Toolkit 2008 to deploy a BitLocker-ready image of Windows Vista SP1 or Windows Server 2008, you receive the following error message:
Unable to find BdeHdCfg.exe. rc=1
Unable to merge BDE partition BdHdCfg Code:1
Unable to merge BDE partition
ZTIERROR - Non-Zero return code by ZTIBde. rc=1
Non-zero return code executing command "C:\Minint\Tools\x86\TsmBootstrap.exe"
In Windows Vista, you configure Microsoft BitLocker Drive Encryption to use a key that is stored on a USB device. Then, you disconnect the USB device when the computer is in hibernation. When the computer resumes from hibernation, you receive an error message that informs you of the following:
The BitLocker Drive Encryption key is needed to resume the computer. You can press ENTER to perform a recovery of the computer. You can manually enter the key, or you can insert the USB device that contains the key, and then press ESC to restart the computer.
After you manually enter the key, or you insert the USB device that contains the key, and you press the ESC key, one of the following problems occurs:
- The computer crashes.
- The computer does not restart.
- The screen flashes or displays garbled characters.
This article describes the behavior of the BitLocker Drive Encryption feature when a Windows Vista-based computer resumes from sleep. It also discusses the advanced authentication modes that are available for the BitLocker Drive Encryption feature.
If you don’t partition your drive correctly before the OS install, you won’t be able to install BitLocker. The BitLocker Drive Preparation Tool will create another volume to boot from so that you can get BitLocker set up.
You use BitLocker Drive Encryption to encrypt non-operating-system volumes on a Windows Vista Service Pack 1 (SP1)-based computer. Then, you roll back Windows Vista SP1 to the release version of Windows Vista. In this situation, you may not have automatic access to the BitLocker-encrypted data volumes.
After you wake a Windows Vista-based portable computer from hibernation, you may receive the following error message:
Windows BitLocker Drive Encryption Information
The system boot information has changed since BitLocker was enabled.
You must supply a BitLocker recovery password to start this system.
Confirm that the boot changes to this system are authorized.
If the changes to the boot system are trusted, then disable and re-enable BitLocker.
This will reset BitLocker to use the new boot information.
Otherwise, restore the system boot information.
Operating System: Windows Vista
This problem occurs after you enable the BitLocker Drive Encryption feature on the portable computer and then put the computer in hibernation. This problem occurs even after you disable and then re-enable the BitLocker Drive Encryption feature, as suggested in the error message.
In Windows Vista and in Windows Server 2008, the recovery password for Windows BitLocker Drive Encryption is not Federal Information Processing Standards (FIPS)-compliant. Therefore, you may encounter the following issues when the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" Group Policy setting is enabled:
- When you manually add a recovery password at a command prompt, you receive the following error message:
  The numerical password was not added. The FIPS Group Policy setting on the computer prevents recovery password creation.
- When you try to encrypt a drive on which BitLocker recovery passwords are required, you cannot encrypt the drive as expected. Additionally, you receive the following error message:
  Cannot Encrypt Disk. Policy requires a password which is not allowed with the current security policy about use of FIPS algorithms.
- When you encrypt a drive, a recovery key is created, but no recovery password is created as a key protector.
- A recovery password is not archived in the Active Directory directory service.