You have a failover cluster that contains five nodes. All of the nodes run Windows Server 2012 R2.
All of the nodes have BitLocker Drive Encryption (BitLocker) enabled.
You enable BitLocker on a Cluster Shared Volume (CSV).
You need to ensure that all of the cluster nodes can access the CSV.
Which cmdlet should you run next?
A.
Unblock-Tpm
B.
Add-BitLockerKeyProtector
C.
Remove-BitLockerKeyProtector
D.
Enable BitLockerAutoUnlock
Explanation:
4. Add an Active Directory Security Identifier (SID) to the CSV disk using the Cluster Name Object
(CNO) The Active Directory protector is a domain security identifier (SID) based protector for
protecting clustered volumes held within the Active Directory infrastructure. It can be bound to a
user account, machine account or group. When an unlock request is made for a protected volume,
the BitLocker service interrupts the request and uses the BitLocker protect/unprotect APIs to unlock
or deny the request. For the cluster service to selfmanage
BitLocker enabled disk volumes, an administrator must add the Cluster Name Object (CNO), which is
the Active Directory identity associated with the Cluster Network name, as a BitLocker protector to
the target disk volumes.
Add-BitLockerKeyProtector <drive letter or CSV mount point> -ADAccountOrGroupProtector –
ADAccountOrGroup $cno
http://technet.microsoft.com/en-us/library/dn383585.aspx
0
0