Restricting Access to BitLocker Management

I've gone through and configured group policy for my domain so it backs up BitLocker recovery keys to AD and enforces select policies, but I've run into an issue. (ETA: Windows 7 machines)

Most of my people who have laptops are local administrators on their machines. Local admins can disable BitLocker. Any ideas how I could restrict access to the BitLocker management interface to users who are local admins (but not domain admins)? I didn't see anything in group policy that could accomplish this. Thanks!

Who is Participating?
curua2008Connect With a Mentor Commented:
This can be done easily with these two steps
   1.  Configure a GPO to remove the Bitlocker Icon from Control Panel.
   2. Configure Application Control Policies (Applocker) to block manage-bde.exe.

You can follow the detail instruction on the link below
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.