BitLocker: Is there a GPO option to forbid decryption/re-encryptio

Posted: 07-05-2006, 08:45 PM
I see GPO settings to set options for BitLocker, such as mandating recovery
keys into AD or the level of encryption, but is there an option to keep a
user from decrypting the drive once it has been deployed to them as encrypted?

This applies to the case where a company policy deploys all laptops with
encryption, and doesn't want users to decrypt or re-encrypt the drive
themselves.

Thanks!

BitLocker: Is there a GPO option to forbid decryption/re-encryptio


Responses to "BitLocker: Is there a GPO option to forbid decryption/re-encryptio"

Jamie Hunter [MS]
Guest
Posts: n/a
 
Re: BitLocker: Is there a GPO option to forbid decryption/re-encryptio
Posted: 07-10-2006, 06:29 PM
There is currently no GPO to block this.
You can catch this with a 'health check' script, in particular to
(a) make sure the backup key is backed up (you can set a GPO to require that
this key is always backed up, which will block encryption if the AD is not
available)
(b) make sure the volume is encrypted, and to begin encrypting if the user
manually decrypted it / paused it.

Or, our more preferred approach, is to not allow the user to be able to log
on as an Administrator .

-
Jamie Hunter [MS]

"tavis" <tavis@discussions.microsoft.com> wrote in message
news:7B9658F3-9C70-4BCC-8415-5D0B6F4E116B@microsoft.com...
>I see GPO settings to set options for BitLocker, such as mandating recovery
> keys into AD or the level of encryption, but is there an option to keep a
> user from decrypting the drive once it has been deployed to them as
> encrypted?
>
> This applies to the case where a company policy deploys all laptops with
> encryption, and doesn't want users to decrypt or re-encrypt the drive
> themselves.
>
> Thanks!
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
BitLocker MICHAEL Windows Vista Security 12 10-10-2007 06:49 PM
view option Gay Windows Vista File Management 0 03-28-2007 12:09 AM
'Select All' option Jane C Windows Vista File Management 1 01-08-2007 06:03 AM
One User Option Needed. Ol_Red Windows Vista Administration 2 06-15-2006 08:23 AM
One User Option Needed. Ol_Red Windows Vista File Management 0 06-14-2006 06:23 PM