Here at the LazyAdmin we have talked quite a bit about using BitLocker with Windows Vista. With the introduction of Server 2008 you can now also leverage BitLocker on your 2008 servers. This is particularly attractive when deploying Read Only Domain Controllers (RODCs) to remote locations where physical security is questionable: if the box walks out the door, the directory database on its disk stays encrypted.
One BitLocker feature is the ability to back up the BitLocker recovery password to Active Directory. Note that what lands in AD is the 48-digit recovery password (and, depending on the policy setting, a key package), not the volume encryption key itself. In previous articles we have talked about enabling the GPOs that back this information up to AD automatically. But how do you actually see those recovery passwords when you need one?
The answer is the BitLocker Recovery Password Viewer:
http://www.microsoft.com/downloads/details.aspx?familyid=2786FDE9-5986-4ED6-8FE4-F88E2492A5BD&displaylang=en
The Password Viewer works on any computer that runs the Active Directory Users and Computers console (ADUC); in fact the viewer integrates into the ADUC console as an extension. To integrate the add-on you must register the viewer component. Registration adds a display specifier for the new tab to the forest's configuration partition, which is why the installation must be run as an Enterprise Administrator. After the component has been registered, any account that can read the msFVE-RecoveryInformation objects in AD can view recovery passwords: by default that means Domain Admins, and read access has to be delegated explicitly to anyone else. Treat those delegations the way you would treat physical access to the disks themselves, because a recovery password unlocks the volume without the TPM or PIN.
After downloading the MSU package and running it, open a command prompt and change directory to %systemroot%\System32, where the package places bdeaducext.dll.
Type: regsvr32.exe bdeaducext.dll
Once the DLL has been registered successfully a confirmation message appears. Click OK and close the command prompt.
Open ADUC and open the properties dialog of a Computer object.
Notice the new BitLocker Recovery tab. This is where the recovery passwords backed up for that computer are listed, one entry per recovery password, each with the date it was stored, its Password ID and the 48-digit recovery password. Below is a screen from a computer that has BitLocker enabled, and one that does not.
You can also search for a recovery password across the domain: right-click the domain node in ADUC, choose Find BitLocker Recovery Password, and enter the first eight characters of the Password ID. This is the flow to use when a user is sitting at the BitLocker recovery prompt, because the prompt shows the Password ID rather than anything about the AD object.
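As an added example (this is not code from the original post or from Microsoft's viewer), the following PowerShell reads the same msFVE-RecoveryInformation objects the viewer displays, so you can script both the per-computer tab view and the Password ID search, for instance to audit which RODCs actually have a recovery password backed up before you ship them to a branch. It uses only [adsisearcher] and System.DirectoryServices, which are present on Windows Server 2008 with PowerShell 2.0, and assumes the account running it has read access to those objects (Domain Admins by default). The function names and the computer name in the usage call are my own inventions.

```powershell
# Added example, not part of the original LazyAdmin post. Reads the
# msFVE-RecoveryInformation objects that the Recovery Password Viewer shows,
# using only [adsisearcher] / System.DirectoryServices (no ActiveDirectory
# module, so it works on Server 2008 with PowerShell 2.0).
# Assumption: the caller is a Domain Admin or has been delegated read access
# to these objects, and the current domain is reachable.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves, so user input cannot alter the filter.
    param([string]$Value)
    $Value -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29' -replace "`0",'\00'
}

function ConvertTo-GuidString {
    # msFVE-RecoveryGuid and msFVE-VolumeGuid are stored as 16-byte octet strings.
    param([byte[]]$Bytes)
    if ($Bytes -eq $null -or $Bytes.Length -ne 16) { return $null }
    (New-Object System.Guid -ArgumentList (,$Bytes)).ToString().ToUpper()
}

function Get-BitLockerRecoveryInfo {
    # Scripted equivalent of the "BitLocker Recovery" tab on a computer object.
    param([Parameter(Mandatory=$true)][string]$ComputerName)

    $sam = ConvertTo-LdapFilterValue ($ComputerName.TrimEnd('$') + '$')
    $computerSearcher = [adsisearcher]"(&(objectClass=computer)(sAMAccountName=$sam))"
    $computer = $computerSearcher.FindOne()
    if ($computer -eq $null) { throw "Computer account '$ComputerName' was not found in the current domain." }

    # Recovery information objects are children of the computer object.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = $computer.GetDirectoryEntry()
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.Filter      = '(objectClass=msFVE-RecoveryInformation)'
    foreach ($attr in 'cn','whenCreated','msFVE-RecoveryGuid','msFVE-VolumeGuid','msFVE-RecoveryPassword') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties   # DirectorySearcher lower-cases the attribute names
        New-Object PSObject -Property @{
            ComputerName     = $ComputerName.TrimEnd('$')
            Created          = $p['whencreated'][0]
            PasswordId       = ConvertTo-GuidString $p['msfve-recoveryguid'][0]
            VolumeId         = ConvertTo-GuidString $p['msfve-volumeguid'][0]
            RecoveryPassword = $p['msfve-recoverypassword'][0]
        }
    }
}

function Find-BitLockerRecoveryPassword {
    # Scripted equivalent of ADUC's "Find BitLocker Recovery Password": the user at
    # the recovery prompt reads you the first 8 characters of the Password ID.
    param([Parameter(Mandatory=$true)][string]$PasswordIdPrefix)

    $prefix = ConvertTo-LdapFilterValue $PasswordIdPrefix.Trim().TrimStart('{')
    # msFVE-RecoveryGuid is binary, but every object's CN is "<timestamp>{<Password ID>}",
    # so a case-insensitive wildcard match on cn finds it across the whole domain.
    $searcher = [adsisearcher]"(&(objectClass=msFVE-RecoveryInformation)(cn=*{$prefix*))"
    $searcher.PageSize = 500
    foreach ($attr in 'cn','msFVE-RecoveryGuid','msFVE-RecoveryPassword') { [void]$searcher.PropertiesToLoad.Add($attr) }

    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties
        $parent = $result.GetDirectoryEntry().Parent   # the owning computer object
        New-Object PSObject -Property @{
            ComputerName     = $parent.Properties['name'].Value
            PasswordId       = ConvertTo-GuidString $p['msfve-recoveryguid'][0]
            RecoveryPassword = $p['msfve-recoverypassword'][0]
        }
    }
}

# Usage (BRANCH-RODC1 and the 8-character prefix are placeholders):
#   Get-BitLockerRecoveryInfo -ComputerName BRANCH-RODC1 | Format-Table ComputerName,Created,PasswordId,RecoveryPassword
#   Find-BitLockerRecoveryPassword -PasswordIdPrefix 'A1B2C3D4' | Format-List
```

The Password ID these functions return is the same one BitLocker prints at the recovery prompt and that manage-bde lists under "Numerical Password" for the volume (on Vista and 2008 that is cscript manage-bde.wsf -protectors -get C:), so comparing the two is a quick check that the backup to AD really happened for the protector currently on the disk. Remember that anyone who can run these queries can unlock the volume, so the read ACL on the msFVE-RecoveryInformation objects, not the viewer install, is the actual security boundary.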
With the addition of the Recovery Password Viewer, BitLocker is a complete and well-integrated solution for securing the contents of mobile computers and of servers in less secure branch locations.