Audit your Bitlocker implementation by reviewing your Bitlocker Recovery Passwords in your Active Directory and quickly detect machines with missing recovery passwords.
Cobynsoft’s AD Bitlocker Password Audit is a Windows utility for querying your Active Directory for all or selected computer objects and returning their recovery password and volume information in a grid-view format giving you a quick overview of the status of your current password recovery capabilities.
If you have configured your BitLocker Drive Encryption to back up recovery information for BitLocker-protected drives and the Trusted Platform Module (TPM) to Active Directory Domain Services (AD DS) the backed up BitLocker recovery information is stored in a child object of the computer object. That is, the computer object is the container for a BitLocker recovery object. Each BitLocker recovery object includes the recovery password and other recovery information. The recovery password is stored in the msFVE-RecoveryInformation attribute and if you have incorporated this process in your environment you have most likely also installed the Bitlocker Recovery Password Viewer for Active Directory so that you can view the recovery password for selected computer objects. If this is the case, you may also have asked your self the following questions:
- I’ve just implemented Bitlocker, but how do I know that the recovery passwords are being populating for all of my computers?
- How can I identify machines that have problems with the Bitlocker process?
- How can I identify which machines do NOT have a recovery password?
You could answer these questions by opening the properties for each of your computer objects and locating the Bitlocker Password Recovery tab. But, as you can imagine this is a very tedious project for a domain with hundreds or even thousands of computers. This is where the AD Bitlocker Password Audit utility comes in handy.
Supports machines with multiple associated keys including Bitlocker-to-Go.
Windows 2000/Windows 7/Windows 8/Windows XP/Windows Server 2003/Windows Server 2008/Windows Server 2012