Key Protector Explanation

Posted: Fri Jun 10, 2022 4:23 pm
by abeauchamp
Hello,

Have been evaluating the plug-in for some time and comparing the data it collects against our current tool for managing BitLocker, and we are ready to try and use this as a primary tool for managing BitLocker at a smaller client we are on-boarding.

In doing so we are trying to see if there is anywhere listed that gives an explanation of the key protectors?

Also, I see there is now a Set Auto Unlock, which I assume is for drives that do not have an OS on them. To use that, do we need to have the drive already encrypted prior to adding that, or can we add that when we select a key protector?

Is there a specific workflow we should follow when encrypting a drive? All machines have TPM chips. Should we first select TPM protector and let it encrypt and then come back and add a recovery key protector? Or does enabling encryption with TPM Protector automatically generate a recovery key?

Re: Key Protector Explanation

Posted: Tue Jun 14, 2022 2:20 pm
by Cubert
Great questions!

Ok so,

You can have multiple key protectors on a single drive; each one may require some data to be provided, but only a few.

The key protector tool just applies key protectors or functions to the drive; it does not take away or disable any other key protector.

Everything is done in layers, so if you want a basic TPM and recovery key and auto unlock for a non-OS drive then you will need to run the tool 3 times. Each key protector will be listed in the main agent view afterwards, where you can then manage that protector (enable/disable/suspend/delete, etc.). If you want multiple key types in a single key then select that key type, apply it and then if needed remove conflicting key types. The MS docs note this process at the bottom of the post we made on it.

The auto unlock is a function and not a key protector so it will not show up as a key protector after execution in the main agent view.

Here is that MS documentation information from the MS docs on key protectors here on our forums referenced above.

viewtopic.php?p=9465#p9465

See if that helps.
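
The layering described in this thread (TPM, then recovery key, then auto unlock on a non-OS drive), sketched with Windows' built-in BitLocker PowerShell cmdlets instead of the plug-in. This is an added example, not part of the original posts or the plug-in's code; the helper name `Set-ProtectorLayers` and the drive letters `C:` and `D:` are assumptions, and it must run from an elevated session.

```powershell
# Added example: native BitLocker cmdlets, not the plug-in's code.
# Set-ProtectorLayers is a hypothetical helper; C: and D: are assumed drive letters.
#Requires -RunAsAdministrator

function Set-ProtectorLayers {
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [switch]$AutoUnlock   # only meaningful for non-OS (data) volumes
    )
    $vol  = Get-BitLockerVolume -MountPoint $MountPoint
    $isOs = $vol.VolumeType -eq 'OperatingSystem'

    # Layer 1: if nothing is encrypted yet, enable BitLocker with a first protector.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        if ($isOs) { Enable-BitLocker -MountPoint $MountPoint -TpmProtector | Out-Null }
        else       { Enable-BitLocker -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null }
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
    }

    # Layer 2: add any protector that is still missing; existing ones are left alone.
    $types = @($vol.KeyProtector.KeyProtectorType)
    if ($isOs -and $types -notcontains 'Tpm') {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
    }
    if ($types -notcontains 'RecoveryPassword') {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }

    # Layer 3: auto unlock is switched on with its own cmdlet, on a data volume only.
    # It requires the OS volume to be BitLocker-protected.
    if ($AutoUnlock -and -not $isOs) {
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        if (-not $vol.AutoUnlockEnabled) {
            Enable-BitLockerAutoUnlock -MountPoint $MountPoint | Out-Null
        }
    }

    # Report the resulting state so the layers can be verified.
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus, AutoUnlockEnabled,
            @{ Name = 'Protectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
}

Set-ProtectorLayers -MountPoint 'C:'               # OS volume: TPM + recovery password
Set-ProtectorLayers -MountPoint 'D:' -AutoUnlock   # data volume: recovery password + auto unlock
```

Re-running the function is safe because each layer is added only when the volume's current protector list does not already contain it.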