September 5, 2017 at 1:49 pm #78844 (Participant)
I'm facing an issue enabling BitLocker with a SID-Based Identity protector.
Reading the documentation (https://technet.microsoft.com/en-us/itpro/powershell/windows/bitlocker/enable-bitlocker), I'm trying to follow example 3:
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes128 -AdAccountOrGroup "Western\SarahJones" -AdAccountOrGroupProtector
I just changed the EncryptionMethod to XTSAES256 and I get this error:
"To turn on BitLocker with a SID-Based Identity protector on this volume, you must provide at least one additional protector for recovery"
I don't understand what is wrong...
Thanks a lot and regards
September 5, 2017 at 1:54 pm #78847 (Keymaster)
So, this is what we'd call a "problem," not an "issue" :).
The difference is likely in how your volumes are configured – yours seem to want a Recovery Key. https://technet.microsoft.com/en-us/library/jj647767(v=ws.11).aspx discusses some of the details of that.
September 6, 2017 at 9:01 am #78926 (Participant)
Reading the full help for Add-BitLockerKeyProtector:
"Active Directory Domain Services (AD DS) account. BitLocker uses domain authentication to unlock data volumes. Operating system volumes cannot use this type of key protector."
It seems that the AD DS account is not compatible with the Operating System; the error with Enable-BitLocker seems to indicate something else.
Is there a way to implement TPM + AD DS account authentication to unlock OS volumes?
Thanks a lot,
September 6, 2017 at 11:47 am #78937 (Keymaster)
Sorry – I'm a PowerShell guy but not much of a BL expert.
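The two constraints quoted in this thread (the error asking for an additional recovery protector, and the help text excluding operating system volumes), combined into one check-then-enable routine. This is an added example, not code from the thread or from Microsoft's documentation; the function name `Enable-BitLockerWithSidProtector` and the `D:` data volume are hypothetical, and it assumes a recovery password protector is what satisfies the "additional protector for recovery" requirement.

```powershell
#Requires -RunAsAdministrator
# Added example: hypothetical helper, not from the thread or the BitLocker module.
function Enable-BitLockerWithSidProtector {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $MountPoint,  # e.g. "D:" (assumed data volume)
        [Parameter(Mandatory)] [string] $Account      # e.g. "Western\SarahJones"
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # The Add-BitLockerKeyProtector help quoted in the thread says operating
    # system volumes cannot use the AD DS account protector, so stop early.
    if ($volume.VolumeType -eq 'OperatingSystem') {
        throw "$MountPoint is an operating system volume; the quoted help excludes it."
    }

    # The error in the thread asks for an additional protector for recovery.
    # Assumption: a recovery password protector meets that requirement.
    $hasRecovery = $volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $hasRecovery -and
        $PSCmdlet.ShouldProcess($MountPoint, 'Add recovery password protector')) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint `
            -RecoveryPasswordProtector -ErrorAction Stop | Out-Null
    }

    # Same call as the documentation example cited in the thread, with the
    # encryption method the poster chose.
    if ($PSCmdlet.ShouldProcess($MountPoint, "Enable BitLocker for $Account")) {
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
            -AdAccountOrGroupProtector -AdAccountOrGroup $Account `
            -ErrorAction Stop | Out-Null
    }

    # Return the protectors now on the volume so the caller can confirm that
    # both RecoveryPassword and AdAccountOrGroup are present.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId
}

# Dry run: -WhatIf reports the planned changes without modifying the volume.
Enable-BitLockerWithSidProtector -MountPoint 'D:' -Account 'Western\SarahJones' -WhatIf
```

Remove `-WhatIf` to apply the changes, and escrow the generated recovery password (for example with `Backup-BitLockerKeyProtector`) before relying on the volume.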