Bitlocker Password Recovery Viewer for Windows Server 2003
Bitlocker was designed to work with Windows Vista and Server 2008 and newer versions, but unfortunately some companies are still administering their environments with back ends based on Windows Server 2003 and Helpdesk staff using Windows XP.
In order to do a proper Bitlocker Administration, access to the Password Recovery keys for Bitlocker is critical. It took me a long time to gather all the information required to have access to the Bitlocker keys on Windows Server 2003, so I decided to share it with you!
1. The first step is to extend the Schema of your 2003 Domain to support the Bitlocker AD Attributes.
If you enable Bitlocker on machines before extending the schema the key will not be stored on Active Directory.
Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information:
This download includes a guide, the schema extention and a few additional scripts you will need to run to allow machines to auto-update TPM information.
2. The second step is to install the SP1 for the Windows Admin Tools Pack
Install Windows Server 2003 Service Pack 1 Administration Tools Pack
3. The third step is to install the actual Bitlocker Password Viewer for Active Directory.
In this case we are talking about a Windows Server 2003 SP1 or later. Unfortunately there is no direct link for this download. The only official way to get that is to log a support call with Microsoft. You might be lucky and find it somewhere else ;D
BitLocker Recovery Password Viewer for Active Directory Users and Computers
Note: This article also provides information about optional use of the BitLocker Recovery Password Viewer for XP-based computers. If you want to obtain the BitLocker Recovery Password Viewer tool for Windows XP/Windows Server 2003, please contact a Microsoft Support Professional.
The final result – You will get a tab for Bitlocker Recovery on the COMPUTER objects in Active Directory: