Thanks Niall. This was a great video! I'm just wondering if you could share how to decrypt the keys in SQL. All my attempts have been a dismal failure.
@ncbrady
2 years ago
thanks! if you look at the stored procedures they are already doing just that, dig deeper and you'll figure it out
@minicustom
2 years ago
@ncbrady Thanks! That helped. Logic prevailed!
@lenneyyip1300
1 year ago
Niall, if you don't install the MDOP agent, will the recovery key still change on a schedule?
@ncbrady
1 year ago
good question, while I cannot currently prove it (this was a lab after all), the SCCM client agent will now handle the key upload etc, so it should take care of this, are you not seeing this happening?
@Nomelzor
1 year ago
Hey Niall, I'm curious if you know why a device ItemKey is NULL under ___hardwarecore.machines? (could add that TpmPolicyState is -1) I can see that a recovery key was added from the ts under ____hardwarecore.keys.
@perfektais
1 year ago
Hello! Under task sequence, shouldn't I also specify the step that installs the MDOP agent? Thank you!
@ncbrady
1 year ago
hi Andris, did you see www.niallbrady.com/2022/03/03/escrow-bitlocker-recovery-password-to-the-site-during-a-task-sequence-in-configuration-manager-2203/ which states "Note: You do NOT need to install the MDOP Agent as part of the task sequence and you do NOT need to run any PowerShell script for this functionality to work."
@perfektais
1 year ago
@ncbrady Thank you!
@revolutionar
1 year ago
Hi Niall, when you are using this new method of escrowing the recovery key during TS, do you also need to have CM BitLocker policies deployed on that particular machine during build time?
@ncbrady
1 year ago
hi Marcel, no as it's handled via the settings defined in the task sequence
@AJBOJACK
9 months ago
@ncbrady Hi Niall, great video, as per Marcel's comment. If you are building new VMs/machines, is there any point to the BitLocker management policy, or is that just to enforce BitLocker on machines which don't have it? For some odd reason I am seeing 2 keys being generated on the AD object and within the database. The key is also not recoverable instantly via the helpdesk portal unless the recoverykeypackage has been added to the database, which only happens to appear once a user has logged on to the machine directly (console, not RDP). I checked this on multiple test VMs. Hoping you could help on this as I've been scratching my head on this one.
Comments: 14