Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bit Locker

1 view
Skip to first unread message

Phillips

unread,
Jan 5, 2010, 2:10:28 PM1/5/10
to
Is it safe/recommended to encrypt the a drive/volume which contains AD DB or
SYSVOL? What kind of challenges does it pose?


Meinolf Weber [MVP-DS]

unread,
Jan 5, 2010, 5:29:25 PM1/5/10
to
Hello Phillips,

You can of course encrypt a DC drive with bitlocker, but in my opinion this
makes only sense in an environment where a DC can not be physically safed.
Also you have to keep in mind that this only helps, if the server is shutdown
and should be started new without having the correct key available. there
is no influence on the AD database or sysvol when bitlocker is used.

See here about preparing a server core install for bitlocker:
http://www.biztechmagazine.com/article.asp?item_id=447

Also see here about using bitlocker for Hyper-V VMs:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2c3c0615-baf4-4a9c-b613-3fda14e84545&DisplayLang=en

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Jorge Silva

unread,
Jan 5, 2010, 6:26:03 PM1/5/10
to
Hi
I would say that you shouldn't place DCs were you can't guarantee their
security. This includes RODCs (some people will disagree, but I don't care).

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup


This posting is provided "AS IS" with no warranties, and confers no rights.


"Phillips" <Phil...@live.com> wrote in message
news:ufBk1qjj...@TK2MSFTNGP04.phx.gbl...

Jorge de Almeida Pinto [MVP - DS]

unread,
Jan 7, 2010, 6:05:19 PM1/7/10
to
he's probably talking about me, because I do disagree! (RODC part only) ;-)

For RWDCs, yes: DO NOT PLACE THOSE IN INSECURE LOCATIONS!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Jorge Silva" <jorges...@hotmail.com> wrote in message
news:CE465F25-5E96-4FFA...@microsoft.com...

> __________ Information from ESET Smart Security, version of virus
> signature database 4752 (20100107) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>

__________ Information from ESET Smart Security, version of virus signature database 4752 (20100107) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Jorge de Almeida Pinto [MVP - DS]

unread,
Jan 7, 2010, 6:07:34 PM1/7/10
to
even in secure locations...

you might have a scenario where the DC is secured, but non-Domain admins may
have access

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dbc5f8...@msnews.microsoft.com...

Meinolf Weber [MVP-DS]

unread,
Jan 8, 2010, 5:07:14 AM1/8/10
to
Hello Jorge de Almeida Pinto [MVP - DS],

1:0 for you. :-)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> even in secure locations...
>
> you might have a scenario where the DC is secured, but non-Domain
> admins may have access
>

Jorge Silva

unread,
Jan 11, 2010, 4:14:28 PM1/11/10
to

Worse than assuming that an existing infrastructure has security issues, is
to think that your environment is secure... That can lead you to disaster.
:)

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Jorge de Almeida Pinto [MVP - DS]"

<SubstituteThisWithMyF...@gmail.com> wrote in message
news:uOk0r3#jKHA...@TK2MSFTNGP06.phx.gbl...

0 new messages