Hi, we want to disable bitlocker on all workstations to prevent users from encrypting their drive by mistake and we have a third party solutions for laptops.
All our users are admins of their workstations, so we can't just disable it, cause they have the ability to reenable it.
I've seach everywhere for a way to disable it through GPO, registry or any other way, but there doesn't seem to be any.
Really need help with this
Welcome to MSFN ForumRegister now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account
Posted 12 February 2010 - 07:59 AM
Posted 12 February 2010 - 09:04 AM
There's no way to disable bitlocker, but if your users are already running as non-administrators they cannot enable it anyway. One trick you could try is to set up in GP the configuration to store keys in AD, but don't extend your AD schema and don't configure it for storing bitlocker keys (it'll fail if someone does manage to run it on a domain machine). But no, there are no inbox options for actually *disabling* bitlocker entirely.
Posted 14 February 2010 - 04:20 PM
You can easily disable Bitlocker by simply setting the Bitlocker Drive Encryption Service to disabled and stopped. You could also stop and disable the TPM Base Services service as the Bitlocker service uses it for every mode except one.
Edited by SyntaxError, 14 February 2010 - 04:24 PM.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users