Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Bitlocker


  • Please log in to reply
2 replies to this topic

#1
lalanc01

lalanc01
  • Member
  • 1 posts
  • Joined 12-February 10
Hi, we want to disable bitlocker on all workstations to prevent users from encrypting their drive by mistake and we have a third party solutions for laptops.

All our users are admins of their workstations, so we can't just disable it, cause they have the ability to reenable it.

I've seach everywhere for a way to disable it through GPO, registry or any other way, but there doesn't seem to be any.

Really need help with this

Steph


How to remove advertisement from MSFN

#2
cluberti

cluberti

    Gustatus similis pullus

  • Supervisor
  • 11,252 posts
  • Joined 09-September 01
  • OS:Windows 8.1 x64
  • Country: Country Flag
There's no way to disable bitlocker, but if your users are already running as non-administrators they cannot enable it anyway. One trick you could try is to set up in GP the configuration to store keys in AD, but don't extend your AD schema and don't configure it for storing bitlocker keys (it'll fail if someone does manage to run it on a domain machine). But no, there are no inbox options for actually *disabling* bitlocker entirely.
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8
--------------------
Please read the rules before posting!
Please consider donating to MSFN to keep it up and running!

#3
SyntaxError

SyntaxError

    Member

  • Member
  • PipPip
  • 150 posts
  • Joined 04-January 05
  • OS:none specified
  • Country: Country Flag
You can easily disable Bitlocker by simply setting the Bitlocker Drive Encryption Service to disabled and stopped. You could also stop and disable the TPM Base Services service as the Bitlocker service uses it for every mode except one.

Edited by SyntaxError, 14 February 2010 - 04:24 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users