[Solved] Usage of Active Directory Credentials for Microsoft BitLocker

Secure Authentication using Active Directory Credentials

Beginning with Windows 8, Microsoft BitLocker supports password authentication without any TPM requirement. To use the BitLocker password protector, TPM support needs to be disabled on the client machine. This opens up encryption for older clients that do not offer a modern TPM chip. Using password protectors, Windows Server systems as well as virtual machines can be encrypted.
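The following PowerShell script is an added example for this post; it is not code from the original page or from the Secure Disk product. It shows what an administrator would check before relying on the password protector described above: whether the "Allow BitLocker without a compatible TPM" policy is in effect (stored by that policy under the FVE policy key), whether a TPM is present, and which key protectors the OS volume currently has. It then enables BitLocker with a password protector and a recovery password protector. The mount point `C:`, the function names and the decision to refuse enabling when the policy is missing are assumptions of this example; run it in an elevated session on Windows 8 or later with the built-in `BitLocker` module.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker

# Assumption: the operating system volume is C:
$MountPoint = "C:"
# Registry location where the BitLocker Group Policy settings are stored
$PolicyKey  = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"

function Test-PasswordProtectorPrerequisites {
    # "Require additional authentication at startup" with
    # "Allow BitLocker without a compatible TPM" writes EnableBDEWithNoTPM=1.
    $policy = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $noTpmAllowed = ($null -ne $policy) -and ($policy.EnableBDEWithNoTPM -eq 1)

    # The password protector is the no-TPM path, so report whether a TPM exists.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $tpmPresent = ($null -ne $tpm) -and [bool]$tpm.TpmPresent

    [pscustomobject]@{
        NoTpmPolicyEnabled = $noTpmAllowed
        TpmPresent         = $tpmPresent
    }
}

function Get-OsVolumeProtectorReport {
    # Lists the protectors on the OS volume so an auditor can see whether the
    # machine relies on a password protector (no TPM) and whether a recovery
    # password exists for helpdesk scenarios.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        Volume            = $vol.MountPoint
        VolumeStatus      = $vol.VolumeStatus
        ProtectionStatus  = $vol.ProtectionStatus
        ProtectorTypes    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        HasPassword       = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Password')
        HasRecoveryPass   = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
}

function Enable-PasswordProtectedOsVolume {
    $pre = Test-PasswordProtectorPrerequisites
    if (-not $pre.NoTpmPolicyEnabled) {
        throw "Policy 'Allow BitLocker without a compatible TPM' is not enabled; set it via Group Policy first."
    }
    if ($pre.TpmPresent) {
        Write-Warning "A TPM is present; the post above states TPM support must be disabled for the password protector."
    }

    # The pre-boot password is entered interactively and never written to disk by this script.
    $securePassword = Read-Host -Prompt "Enter the BitLocker pre-boot password" -AsSecureString

    # Aes256 is accepted on every supported Windows version; newer builds may use XtsAes256.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 `
        -PasswordProtector -Password $securePassword -UsedSpaceOnly -SkipHardwareTest

    # A recovery password protector is the only way back in if the pre-boot
    # password is forgotten (limitation 5 in the post), so add one explicitly.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null

    Get-OsVolumeProtectorReport
}

# Usage (interactive, elevated):
Test-PasswordProtectorPrerequisites | Format-List
Get-OsVolumeProtectorReport | Format-List
# Enable-PasswordProtectedOsVolume
```

Two points worth noting when reading the report. First, the recovery password protector added here can be escrowed to Active Directory with `Backup-BitLockerKeyProtector` on a domain-joined machine, which addresses the 48-digit recovery key handling for helpdesk staff; the pre-boot password itself is never escrowed, which is exactly the gap the post describes. Second, the script only reads the policy key; changing it should be done through Group Policy so the setting is consistent across the domain.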

Authentication Limitations

Unfortunately, the password protector has several limitations, which we asked customers to summarize:

  1. There is no username in the authentication process. The password authenticates the machine, not a user, and does not support multiple users.
  2. The password does not synchronize with any Active Directory password; therefore users need to memorize the BitLocker boot password in addition to the domain credentials for Windows logon.
  3. BitLocker does not support single sign-on after successful pre-boot authentication.
  4. The pre-boot password is not stored centrally; therefore helpdesk support is not available for the password protector.
  5. In case of a lost or forgotten BitLocker password, users need to handle the 48-digit Microsoft recovery key to unlock the client.

Active Directory Credentials for Microsoft BitLocker

Enterprises complain about the missing domain credential authentication support in Microsoft BitLocker. This gap is closed by the BitLocker add-on Secure Disk for BitLocker, whose enhanced pre-boot system offers LAN and wireless network support for Active Directory authentication:

  • Domain users can conveniently unlock Microsoft BitLocker in a fully graphical pre-boot authentication system using their well-known domain credentials.
  • Furthermore, the domain credentials provided by the user are used for single sign-on to the Windows operating system.
  • Even if the Active Directory password is forgotten, domain administrators can set a new AD password and allow the encryption user to unlock their client.
  • Active Directory authentication greatly reduces user helpdesk load and improves user acceptance of client encryption.

To see the advantage for enterprises, we offer a 30-day evaluation of Secure Disk for BitLocker free of charge. Use our Secure Disk for BitLocker download option to request the software.
