When storing a client's BitLocker recovery information in Active Directory, is this sent to AD in clear-text or securely?

I know that when you enforce storing the BitLocker recovery information in Active Directory (via GPO), it is stored in the computer object's ms-FVE-RecoveryPassword attribute. Microsoft also has some great information on How to use Active Directory for backup of BitLocker Drive Encryption recovery information. However, it isn't clear how securely this information is transferred from the client being encrypted to the domain controller storing this information.

My question is if this recovery password is encrypted when it is passed from the client to Active Directory, or if it is sent in clear text. I assume it is encrypted, but for sanity's sake I want to verify this.

Does anyone know?

Reply

Seeing that there's already a PKI pair between AD and your Computer Account, I would assume that it's encrypted using that signature. There's only one way to check it out, but I don't have any BitLocker-encrypted systems and I'm not on my network to verify.

Category: windows server 2008 Time: 2011-01-24 Views: 6
