Hey Everyone,
I'm about ready to put my fist through the computer screen over this. So hopefully someone can help and save my monitor from my wrath!
I am trying to implement a group policy to automatically back up TPM and Bitlocker recovery information from a Windows 10 client to Active Directory.
I followed the instructions here: https://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx
Then I discovered this information doesn't apply to Windows 8+, so I followed the directions here to extend the schema for 8+: https://technet.microsoft.com/en-us/library/jj592683.aspx
Both the commands:
manage-bde -protectors -get C:
manage-bde -protectors -adbackup C: -id {...}
execute without any problems, the former displaying the Key Protectors, the latter stating that recovery information was successfully backed up to Active Directory.
However, msTPM-TpmInformationForComputer remains <not set>. There is an entry added to the TPM Devices folder (see the attached images) under my OU, but I can find no way to link it back to the computer, making it not overly useful for recovery purposes. (This is the only machine in the environment currently doing this, but it obviously won't work in production like this.)
Anyone have any ideas what I may have done wrong here? Will this just not work under Server 2008 (not R2)?