lalanc01 Posted February 12, 2010 Share Posted February 12, 2010 Hi, we want to disable bitlocker on all workstations to prevent users from encrypting their drive by mistake and we have a third party solutions for laptops.All our users are admins of their workstations, so we can't just disable it, cause they have the ability to reenable it.I've seach everywhere for a way to disable it through GPO, registry or any other way, but there doesn't seem to be any.Really need help with thisSteph Link to comment Share on other sites More sharing options...
cluberti Posted February 12, 2010 Share Posted February 12, 2010 There's no way to disable bitlocker, but if your users are already running as non-administrators they cannot enable it anyway. One trick you could try is to set up in GP the configuration to store keys in AD, but don't extend your AD schema and don't configure it for storing bitlocker keys (it'll fail if someone does manage to run it on a domain machine). But no, there are no inbox options for actually *disabling* bitlocker entirely. Link to comment Share on other sites More sharing options...
SyntaxError Posted February 14, 2010 Share Posted February 14, 2010 (edited) You can easily disable Bitlocker by simply setting the Bitlocker Drive Encryption Service to disabled and stopped. You could also stop and disable the TPM Base Services service as the Bitlocker service uses it for every mode except one. Edited February 14, 2010 by SyntaxError Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now