Solved

Restricting Access to BitLocker Management

Posted on 2010-08-25
1
1,902 Views
1 Endorsement
Last Modified: 2012-05-10
I've gone through and configured group policy for my domain so it backs up BitLocker recovery keys to AD and enforces select policies, but I've run into an issue. (ETA: Windows 7 machines)

Most of my people who have laptops are local administrators on their machines. Local admins can disable BitLocker. Any ideas how I could restrict access to the BitLocker management interface to users who are local admins (but not domain admins)? I didn't see anything in group policy that could accomplish this. Thanks!

1
Comment
Question by:futureman0
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
curua2008 earned 500 total points
ID: 33526198
This can be done easily with these two steps
   1.  Configure a GPO to remove the Bitlocker Icon from Control Panel.
   2. Configure Application Control Policies (Applocker) to block manage-bde.exe.

You can follow the detail instruction on the link below

http://blogs.technet.com/b/askcore/archive/2010/08/13/how-to-prevent-local-administrator-from-turning-off-bitlocker.aspx
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question