Finally, a management tool for Bitlocker

I first deployed Bitlocker and AD integration with Windows 7 Enterprise back before it was publicly released (that gap between when it gets released to Volume Licence customers, but not to the public). It wasn’t easy, and I had to use some interesting hacks and self-discovered cludges gleaned from old Vista documentation, as the Win 7 documentation hadn’t been released by Microsoft at the time. I had meant to document and release it as a quick-fix blog entry but the time passed and everything can be done properly now.

Since deployment, Bitlocker has been fantastic. The only issue we’ve had with Bitlocker since we deployed it is that of ensuring that end-users don’t suspend it or disable it, and that we most definitely have a good backup of the recovery key.

Effectively, without a management tool, you fly a bit blind until a problem comes up, or a Bitlockered laptop ends up in your lap with it disabled. Ignorance shouldn’t be bliss when it comes to full disk encryption and protecting your company’s data.

The AD backup of keys is a particular pain, as we’ve found that sometimes, Bitlocker just forgets to back itself up to AD when it’s enabled. To mitigate this, we’ve just instructed Bitlocker to also copy the key to a secure fileshare when it’s enabled during the MDT task, as well as backing it up to AD.

Fortunately, Microsoft have started to build a Bitlocker management tool called Microsoft Bitlocker Administration and Management. You can read more about it on the Windows Team Blog.

It’s still in Beta, but I’m looking forward to trying this out!

How to get WMC to play MKV files

How to get Windows Media Center to play MKV files on Windows 7

So I just bought an Acer Revo 3610 so that we can watch MKV files without converting them to MP4 and putting them on the Xbox/faffing around with 4GB file limits etc. The Revo is a brilliant box: cheap, tiny, near-silent and plays 1080p video with no dropped frames. I got mine from Amazon, if you’re curious. They had the best price at the time 🙂

Anyway, back to Windows Media Center. Out of the box, WMC doesn’t recognise MKV files. To get this to work:

1. Download and install Divx 7.
You only need the Codec bits, not the player/converter. This will setup MKV integration into WMC.

2. Download and install AC3 Filter
This will process AC3 audio if your MKV files has AC3 sound (a lot do, so it’s worth installing, otherwise you won’t get any sound)

3. Reboot your PC
4. Log back in, and open up WMC.
5. Ta-daa, you can now view (and hear!) MKV files 😀

Win7 + Bitlocker = Can’t Shutdown?

If you have Windows 7 with Bitlocker enabled, and are sometimes unable to shutdown your PC properly, check out this article: http://social.answers.microsoft.com/Forums/en-US/GettingReadyforWindows7/thread/66b6e093-9de7-4e76-84cf-322bd1e35f22

The hotfix is available here: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=975496&kbln=en-us

Symptoms for us were that Windows 7 itself would shut down, but the power would not be switched off from the laptop, leaving it running (often with the fans whizzing away and LEDs on)

RSAT for Windows 7

The Remote Server Administration Tools for Windows 7 are available from the Microsoft website here:

Download RSAT for Win7

Enjoy 😉

Trying to automate creation of VPN connections under Win7

I’m currently playing with Connection Manager Administration Kit for Server 2008.

Why? Because with the advent of Windows 7 (and Vista, to a certain extent), it’s a complete pain in the butt to programme a tool like AutoIT to script and automate the configuration of a VPN connection for our end users. The key issue, is that Microsoft don’t seem to provide any “command line” shortcuts through things like DLLs or Shell extensions to quickly bring up the “Set up a new connection or network” wizard. Sad face.

http://www.windowsecurity.com/articles/Windows-Server-2008-Connection-Manager-Administration-Kit.html