Managing a remote computer
The Active Roles console allows you to open the Computer Management console from which you can administer a remote computer. Computer Management combines several administration utilities into a single console, providing easy access to the computer’s administrative properties and tools. You must have administrative rights on the computer to view certain information or to modify computer properties using Computer Management.
To manage a remote computer
- In the console tree, locate and select the folder that contains the computer account of the computer you want to manage.
- In the details pane, right-click the computer account, and then click Manage to open the Computer Management console.
NOTE: You can use the Find function of Active Roles to locate the computer account of the computer you want to manage. Once you have found the computer account, you can start Computer Management as follows: Right-click the computer account in the list of search results, and then click Manage.
Using Remote Desktop Connection
From the Active Roles console, you can access a computer through Remote Desktop Connection. The Connect via RDP command on a computer object allows you to establish a Remote Desktop Connection session to the computer represented by that computer object in Active Directory.
By supporting Remote Desktop Connection, Active Roles enables you to access a remote computer from your computer running the Active Roles console. However, the object representing the remote computer must be available in the console. This requires that the remote computer be a member of one of the domains managed by Active Roles. Additionally, the usual requirements for Remote Desktop Connection must be met: the remote computer must have Remote Desktop enabled, it must be available on the network, and it must be configured so that the user has permission to connect.
To access a computer through Remote Desktop Connection
- In the Active Roles console, locate the desired computer object.
- Right-click the computer object and then click Connect via RDP.
Viewing BitLocker recovery passwords
Active Roles allows you to locate and view BitLocker recovery passwords that are stored in Active Directory. This tool helps to recover data on a drive that has been encrypted by using BitLocker. You can examine a computer object’s property pages to view the corresponding BitLocker recovery passwords. Additionally, you can perform a domain-wide search for a BitLocker recovery password.
Administrators can configure BitLocker Drive Encryption to back up recovery information for BitLocker-protected drives to Active Directory. Recovery information includes the recovery password for each BitLocker-protected drive, and the information required to identify which computers and drives the recovery information applies to. Backing up recovery passwords for BitLocker-protected drives allows administrators to recover the drive if it is locked, thereby ensuring that authorized persons can always access encrypted data belonging to the enterprise.
To view BitLocker recovery passwords, you must have been granted the appropriate permissions in Active Roles. The following Access Template provides sufficient permissions to view BitLocker recovery passwords:
- Computer Objects - View BitLocker Recovery Keys
In addition, viewing BitLocker recovery passwords in a given Active Directory domain requires the following:
- The domain must be configured to store BitLocker recovery information (see “Backing Up BitLocker and TPM Recovery Information to AD DS” at http://technet.microsoft.com/en-us/library/dd875529.aspx).
- The computers protected by BitLocker must be joined to the domain.
- BitLocker Drive Encryption must have been enabled on the computers.
Steps for viewing BitLocker recovery passwords
The following procedures describe the most common tasks that apply to locating and viewing BitLocker recovery passwords.
To view the BitLocker recovery passwords for a computer
- In the Active Roles console, locate the desired computer object.
- Right-click the computer object, and then click Properties.
- In the Properties dialog box, click the BitLocker Recovery tab to view the BitLocker recovery passwords that are associated with the computer you’ve selected.
To copy the BitLocker recovery password for a computer
- Follow the steps in the previous procedure to view the BitLocker recovery passwords.
- On the BitLocker Recovery tab of the Properties dialog box, perform the following steps:
  - In the BitLocker Recovery Passwords list, click the desired password ID.
  - Right-click in the Details box, click Select All, and then click Copy.
- Press CTRL+V to paste the copied text to a destination location, such as a text file or spreadsheet.
You can use the Active Roles Web Interface to view the BitLocker recovery passwords for a computer: Select the computer object and then choose the BitLocker Recovery command.
To locate a BitLocker recovery password
- In the Active Roles console or Web Interface, select the domain object, and then choose the Find BitLocker Recovery Password command.
- On the Find BitLocker Recovery Password page, type the first eight characters of the BitLocker recovery key identification in the Password ID (first 8 characters) box, and then click Search.
You can also search for a BitLocker recovery password in all managed domains by choosing the Find BitLocker Recovery Password command on the Active Directory node in the Active Roles console or Web Interface.
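The same lookup by the first eight characters of the password ID, run directly against Active Directory with Microsoft's ActiveDirectory PowerShell module instead of through Active Roles. This is an added example, not part of the Active Roles documentation; the function name `Find-BitLockerRecoveryPassword` and its parameters are chosen here, and it assumes the calling account has read access to the recovery objects in the directory and that the domain stores BitLocker recovery information as described above.

```powershell
#Requires -Modules ActiveDirectory

# Added example: function and parameter names are hypothetical, not an Active Roles API.
function Find-BitLockerRecoveryPassword {
    [CmdletBinding()]
    param(
        # First eight characters of the password ID shown on the recovery screen
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$PasswordIdPrefix,

        # Optional: domain DNS name or domain controller to query
        [string]$Server
    )

    # Recovery information is stored in msFVE-RecoveryInformation objects that are
    # children of the computer object. The object name is a timestamp followed by
    # the password ID in braces, so a name match on "{<prefix>-" finds the entry.
    $query = @{
        LDAPFilter = "(&(objectClass=msFVE-RecoveryInformation)(name=*{${PasswordIdPrefix}-*))"
        Properties = 'msFVE-RecoveryPassword', 'whenCreated'
    }
    if ($Server) { $query.Server = $Server }

    foreach ($entry in Get-ADObject @query) {
        # Drop the first RDN (split on the first unescaped comma) to get the computer DN
        $computerDn = ($entry.DistinguishedName -split '(?<!\\),', 2)[1]

        # Full password ID is the GUID in braces at the end of the object name
        $passwordId = if ($entry.Name -match '\{([0-9A-Fa-f-]{36})\}$') { $Matches[1] }

        [pscustomobject]@{
            Computer         = $computerDn
            PasswordId       = $passwordId
            Created          = $entry.whenCreated
            RecoveryPassword = $entry.'msFVE-RecoveryPassword'
        }
    }
}

# Usage with a constructed password ID prefix:
# Find-BitLockerRecoveryPassword -PasswordIdPrefix '1A2B3C4D'
```

An empty result for a drive known to be encrypted usually means one of the prerequisites listed earlier is not met: the domain is not configured to store recovery information, or the computer was not domain-joined when BitLocker was enabled.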