I've gone through and configured group policy for my domain so it backs up BitLocker recovery keys to AD and enforces select policies, but I've run into an issue. (ETA: Windows 7 machines)
Most of my people who have laptops are local administrators on their machines. Local admins can disable BitLocker. Any ideas how I could restrict access to the BitLocker management interface to users who are local admins (but not domain admins)? I didn't see anything in group policy that could accomplish this. Thanks!