Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Restricting Access to BitLocker Management

Posted on 2010-08-25
1
Medium Priority
?
2,118 Views
1 Endorsement
Last Modified: 2012-05-10
I've gone through and configured group policy for my domain so it backs up BitLocker recovery keys to AD and enforces select policies, but I've run into an issue. (ETA: Windows 7 machines)

Most of my people who have laptops are local administrators on their machines. Local admins can disable BitLocker. Any ideas how I could restrict access to the BitLocker management interface to users who are local admins (but not domain admins)? I didn't see anything in group policy that could accomplish this. Thanks!

1
Comment
Question by:futureman0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
curua2008 earned 2000 total points
ID: 33526198
This can be done easily with these two steps
   1.  Configure a GPO to remove the Bitlocker Icon from Control Panel.
   2. Configure Application Control Policies (Applocker) to block manage-bde.exe.

You can follow the detail instruction on the link below

http://blogs.technet.com/b/askcore/archive/2010/08/13/how-to-prevent-local-administrator-from-turning-off-bitlocker.aspx
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question