You need to ensure that you can access the BitLocker volume if the BitLocker keys are corrupted on the member servers

Your company has several branch offices. Your network consists of a single Active Directory domain.
Each branch office contains domain controllers and member servers. The domain controllers run Windows
Server 2003 SP2. The member servers run Windows Server 2008 R2.
Physical security of the servers at the branch offices is a concern.
You plan to implement Windows BitLocker Drive Encryption (BitLocker) on the member servers.
You need to ensure that you can access the BitLocker volume if the BitLocker keys are corrupted on the
member servers. The recovery information must be stored in a central location.
What should you do?

A.
Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to configure Public Key
Policies.

B.
Upgrade all domain controllers to Windows Server 2008 R2. Use Group Policy to enable Trusted Platform
Module (TPM) backups to Active Directory.

C.
Upgrade the domain controller that has the schema master role to Windows Server 2008 R2. Use Group
Policy to enable a Data Recovery Agent (DRA).

D.
Upgrade the domain controller that has the primary domain controller (PDC) emulator role to Windows
Server 2008 R2. Use Group Policy to enable a Data Recovery Agent (DRA).

Explanation:
BACKUP BITLOCKER AND TPM TO ACTIVE DIRECTORY (CENTRAL LOCATION)
To secure the BitLocker backup solution and allow automatic unlock of BitLocker, central storage of
BitLocker recovery information in AD is required.
1. Extend the AD schema with the BitLocker and TPM attributes (required on the Windows Server 2003 schema master only).
The minimum domain controller level for saving recovery information in AD DS is Windows Server
2003 SP1 (i.e. there is no need to upgrade all domain controllers as mentioned in the answer).
2. Enable the Group Policy setting to back up TPM recovery information to AD DS.
3. Enable the Group Policy setting to back up BitLocker recovery information to AD DS.
http://technet.microsoft.com/en-us/library/dd875529.aspx
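The following PowerShell script is an added example (not part of the original page or of Microsoft's documentation) that verifies the three steps above from a domain-joined Windows Server 2008 R2 member server: it checks that the schema extension is present, that the AD DS backup policies have been applied, and which recovery passwords AD DS already holds for the server. The computer name is a placeholder; reading msFVE-RecoveryPassword requires the delegated permission on that confidential attribute.

```powershell
# Added example, not from the original page. Run elevated on a domain-joined member server.
$computerName = 'BRANCH-SRV01'   # placeholder, replace with a real branch member server

# Step 1: was the schema extended with the BitLocker and TPM objects?
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNc = $rootDse.schemaNamingContext.Value
function Test-SchemaObject([string]$cn) {
    $s = New-Object DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]"LDAP://$schemaNc"
    $s.Filter = "(cn=$cn)"
    return ($null -ne $s.FindOne())
}
foreach ($cn in 'ms-FVE-RecoveryInformation', 'ms-FVE-RecoveryPassword', 'ms-TPM-OwnerInformation') {
    '{0,-28} in schema: {1}' -f $cn, (Test-SchemaObject $cn)
}

# Steps 2 and 3: are the Group Policy values that send recovery data to AD DS applied locally?
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\TPM'; Name = 'ActiveDirectoryBackup' },         # TPM owner info
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'; Name = 'ActiveDirectoryBackup' },         # Vista-era BitLocker policy
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'; Name = 'OSActiveDirectoryBackup' },       # OS drive (2008 R2 policy)
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'; Name = 'OSRequireActiveDirectoryBackup' } # block enabling until backed up
)
foreach ($c in $checks) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    '{0}\{1} = {2}' -f $c.Path, $c.Name, $(if ($null -eq $v) { 'not configured' } else { $v })
}

# Result: which BitLocker recovery objects does AD DS hold under this server's computer object?
$cs = New-Object DirectoryServices.DirectorySearcher
$cs.Filter = "(&(objectClass=computer)(cn=$computerName))"
$comp = $cs.FindOne()
if ($null -eq $comp) { Write-Warning "Computer object $computerName not found"; return }
$fs = New-Object DirectoryServices.DirectorySearcher
$fs.SearchRoot = $comp.GetDirectoryEntry()
$fs.Filter = '(objectClass=msFVE-RecoveryInformation)'
[void]$fs.PropertiesToLoad.AddRange(@('msFVE-RecoveryGuid', 'msFVE-RecoveryPassword', 'whenCreated'))
$entries = $fs.FindAll()
'{0} recovery object(s) stored in AD DS for {1}' -f $entries.Count, $computerName
foreach ($e in $entries) {
    $guid = New-Object Guid (,[byte[]]$e.Properties['msFVE-RecoveryGuid'][0])   # octet string -> GUID
    '  id {0}  created {1}  password present: {2}' -f $guid, $e.Properties['whenCreated'][0],
        ($e.Properties['msFVE-RecoveryPassword'].Count -gt 0)
}
```

If the policies show as configured but no recovery object exists for a drive that is already encrypted, the missing backup can be pushed manually with manage-bde -protectors -adbackup <drive> -id <protector id>.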
