All client computers on your company network run Windows 7. Your company has a Windows Server2008 domain.
You plan to use Group Policy to enable BitLocker Drive Encryption (BDE).
You need to ensure that the following requirements are met:
All BitLocker recovery keys are stored in a central location.
Data is encrypted only after a backup of the recovery key is available.
What should you do?
A.
Run the manage-bde -on -ForceRecovery command.
B.
Enable the Choose default folder for recovery password setting.
C.
Enable the Store BitLocker recovery information in Active Directory Domain Services setting.
D.
Enable the Choose how users can recover BitLocker encrypted drives setting. Set the 256-bit recovery key to Require recovery password.
To enable the local policy settings to back up BitLocker and TPM recovery information to Active Directory
Log on to the computer as an administrator.
Click Start, type the following in the Start Search box, and then click ENTER:
gpedit.msc
To enable Group Policy settings to back up BitLocker recovery information to Active Directory:
Open Computer Configuration, open Administrative Templates, open Windows Components, and then open BitLocker Drive Encryption.
In the right pane, double-click Turn on BitLocker backup to Active Directory.
Select the Enabled option.
Verify that the Require BitLocker backup to AD DS check box is selected.
Enable Group Policy setting to back up TPM recovery information to Active Directory.
Open Computer Configuration, open Administrative Templates, open System, and then open Trusted Platform Module Services.
In the right pane, double-click Turn on TPM backup to Active Directory.
Select the Enabled option.
Verify that the Require TPM backup to AD DS check box is selected.