Microsoft Enterprise Platforms Support: Windows Server Core Team
Customers using BitLocker Drive Encryption to protect a volume may want to know how to verify that BitLocker recovery keys are stored in the SQL database for MBAM.
Consider this scenario: a volume is already BitLocker encrypted and its recovery information is backed up in Active Directory. We install the MBAM client on a Windows 7 client machine, and the MBAM agent backs up the recovery key for all encrypted volumes to the SQL database.
To verify that the 48-digit recovery password was saved in SQL, run the following query:
SELECT TOP 1000 [Id]
      ,[Disclosed]
FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
To search for a specific recovery key ID, use this query:
SELECT [Id], [RecoveryKeyId], [Disclosed]
FROM [MBAM Recovery and Hardware].[RecoveryAndHardwareCore].[Keys]
WHERE RecoveryKeyId LIKE 'a0b84b65%'
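The verification described above can be scripted once the query result has been exported. The following is an added example, not part of the original post: it validates a key ID before it is used as a LIKE prefix and checks that the stored value is a structurally valid 48-digit recovery password (8 groups of 6 digits, each a multiple of 11 below 720896). The `RecoveryKey` column name, the function names and the sample rows are assumptions made for this example.

```python
import re

GUID = re.compile(r"^\{?([0-9a-fA-F]{8})(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")

def is_valid_recovery_password(password):
    """8 groups of 6 digits; each group is a multiple of 11 below 720896 (65536 * 11)."""
    groups = password.strip().split("-")
    if len(groups) != 8:
        return False
    for group in groups:
        if not re.fullmatch(r"[0-9]{6}", group):
            return False
        value = int(group)
        if value % 11 != 0 or value >= 720896:
            return False
    return True

def like_prefix(key_id):
    """Validate a key ID GUID and return its first 8 hex digits as a LIKE pattern."""
    match = GUID.match(key_id.strip())
    if match is None:
        raise ValueError("not a GUID: %r" % key_id)
    return match.group(1).lower() + "%"

def check_rows(rows, key_id):
    """Classify the rows the key ID query returned: missing, ambiguous, malformed or ok."""
    prefix = like_prefix(key_id)[:-1]
    hits = [r for r in rows if r["RecoveryKeyId"].lower().startswith(prefix)]
    if not hits:
        return "missing"
    if len(hits) > 1:
        return "ambiguous"
    return "ok" if is_valid_recovery_password(hits[0]["RecoveryKey"]) else "malformed"

# Constructed sample data (not real keys). "RecoveryKey" is an assumed column name.
SAMPLE_ROWS = [
    {"RecoveryKeyId": "a0b84b65-0000-4000-8000-000000000001", "Disclosed": 0,
     "RecoveryKey": "135795-597531-011000-720885-024442-366663-440000-000077"},
    {"RecoveryKeyId": "11111111-0000-4000-8000-000000000002", "Disclosed": 0,
     "RecoveryKey": "135795-597531-011000-720885-024442-366663-440000-000078"},
]

if __name__ == "__main__":
    for key_id in ("{A0B84B65-0000-4000-8000-000000000001}",
                   "{11111111-0000-4000-8000-000000000002}",
                   "{22222222-0000-4000-8000-000000000003}"):
        print(key_id, check_rows(SAMPLE_ROWS, key_id))
```

A "missing" or "malformed" result for a machine that reports a successful upload is the case to investigate before the recovery password is ever needed.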
For further information on MBAM and how it can help your environment, please consult the following documentation.
Planning Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285653.aspx
Deployment Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285644.aspx
Operations Guide: http://onlinehelp.microsoft.com/en-us/mdop/hh285664.aspx
Troubleshooting MBAM: http://onlinehelp.microsoft.com/en-us/mdop/hh352745.aspx
Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support
I am actually having an issue with this. All other data is being written to the database tables except for the key.
We have 8 entries in the database, but then any systems with the MBAM client installed don't update the keys in the db. On the machine's event viewer it indicates encryption status was uploaded to db.
What happens if I do the encryption successfully on a laptop and 2 minutes later a disaster breaks my SQL DB server? Thinking I would have a backup from 1 hour ago, how can I recover the laptop recovery key?
Sorry for my English!