Bit Locker


  • Bit Locker

    Interesting question, I am trying to figure out how to see the BitLocker key for computer objects. When you view all AD attributes, it isn't there. When looking through a normal MMC and you select the computer object in the left pane, you see the BitLocker key on the right.

    I looked at adsiedit and get the same results. So exactly how do I view this information from Hyena?

  • #2
    Re: Bit Locker

    When you say you get the same results in adsiedit, do you mean you see the data there? If so, add those fields to a query in Object Manager and see if you can get data that way.



    • #3
      Re: Bit Locker

      Sent you a screenshot, Chuck. It is as if the BitLocker key isn't really an attribute on the object in AD, but when you select the object in the left pane you will see the BitLocker key in the right pane.



      • #4
        I found out that I needed to add myself to the Enterprise Admins group to register the DLL (one time per new environment). This article tells you how to enable the feature in Windows 7. So I guess the question is, if one has their environment set up, has Enterprise Admins rights or delegated rights to view the key, and has this feature installed on their Windows 7 workstation, could Hyena "then" add the feature to see the BitLocker tab?


        • #5
          If you right-click on the computer and select Directory Functions > Shell Properties, do you then see the BitLocker recovery tab?
          Kevin Stanush
          SystemTools Software Inc.



          • #6
            Yes I do,
            10 characters



            • #7
              OK, I'm confused. I originally thought that Windows was putting some sort of key symbol next to a BitLocker-enabled computer. But in your post above, I see that you get an additional property page on the shell properties. So everything is good and OK, right?
              Kevin Stanush
              SystemTools Software Inc.



              • #8
                Yea, I can see it through shell properties but that is the built in DSA.msc. I was hoping it was something you could add in Hyena to see. In the DSA.msc snapin, if you select the computer object on the left it will give a display like this.
                [Screenshot: bitlocker-rightpane.jpg]

                I added a custom attribute msFVE-RecoveryInformation and it shows empty.
                Last edited by Trammel; 01-30-2012, 06:12 PM.



                • #9
                  OK, now I get it. You want to be able to get the key information into Hyena's displays. Got it!

                  After doing a bit of searching I found the problem. Microsoft implemented this little feature whereby the bitlocker information is kept in a sub-container under the container. This makes it trickier to get the data, as everything is then stored in the other container. Think of it as a sub-directory in a directory, where the computer is the directory.

                  I'm having trouble coming up with a working example on my computer, as sub-containers under users and computers are fairly rare in AD, usually only implemented by Microsoft and a few 3rd party products that need to do unique things.

                  The first thing to try is to go into Tools->Settings->Active Directory and turn on the last option to view users, groups, and computers as containers. Then, when you click on the plus next to a computer, user, etc. see if you see the container under it. It will be named msFVE-RecoveryInformation. Then, see what is in it. You should find an attribute named msFVE-Password. This should be a text attribute so you should be able to see it.

                  I think it might be possible to write a query to get all of the recovery passwords for all computers too; all you have to do is scan sublevels and look for that attribute. The only issue is going to be getting the parent levels so you would know where the attribute came from. This is another reason why working with containers under an AD object is so difficult and confusing.
                  Kevin Stanush
                  SystemTools Software Inc.
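
The sub-container layout and the "parent levels" problem described in post #9, as an added example that is not part of the original thread and is not Hyena or SystemTools code: a PowerShell inventory that finds every msFVE-RecoveryInformation child object and maps it back to its parent computer. It assumes the ActiveDirectory module (RSAT), an account delegated to read these objects, and a placeholder search base; it reports escrow status only and does not read the password attribute, which in the AD schema is msFVE-RecoveryPassword.

```powershell
# Added example. Assumptions: ActiveDirectory module (RSAT) is installed and
# the caller can read msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

# Placeholder DN, replace with the OU or domain root to audit.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

# A single subtree search returns the recovery objects stored *under* each
# computer object; they are children, not attributes of the computer.
$recovery = Get-ADObject -SearchBase $SearchBase -SearchScope Subtree `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
    -Properties whenCreated

# Parent DN = child DN with its first RDN removed. Split on the first comma
# that is not escaped with a backslash, keeping the remainder intact.
$byParent = @{}
foreach ($r in $recovery) {
    $parentDn = ($r.DistinguishedName -split '(?<!\\),', 2)[1]
    if (-not $byParent.ContainsKey($parentDn)) {
        $byParent[$parentDn] = New-Object System.Collections.ArrayList
    }
    [void]$byParent[$parentDn].Add($r)
}

# Report every computer, including those with nothing escrowed in AD.
$report = Get-ADComputer -SearchBase $SearchBase -Filter * | ForEach-Object {
    $objs = $byParent[$_.DistinguishedName]
    [pscustomobject]@{
        Computer        = $_.Name
        RecoveryObjects = if ($objs) { $objs.Count } else { 0 }
        LatestEscrow    = if ($objs) {
            ($objs | Sort-Object whenCreated | Select-Object -Last 1).whenCreated
        } else { $null }
    }
}

# Computers with RecoveryObjects = 0 have no recovery information in AD.
$report | Sort-Object RecoveryObjects, Computer | Format-Table -AutoSize
```
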



                  • #10
                    Exactly! I figured I would ask now because someone is going to ask you sooner or later.
