Disable bitlocker (togo)

Hi,

We implemented a bitlocker policy which works fine.
Now I want to disable it for my machine since I need to make a bootable USB.

I removed my pc from the container and did a gpo /update but I cannot write to the usb (write protected).

Please advise howto troublesehoot.
J.
janhoedtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

stevepcguyCommented:
1. Click "Start" from your Windows desktop and click "Control Panel." Click "Security" and then click "BitLocker Drive Encryption."

2. Click "Turn Off BitLocker" and click "Disable BitLocker Drive Encryption." This will temporarily disable BitLocker by storing the key to decrypt the drive in plain text. Your drive will not be decrypted, but will still be easily accessible for updating.


3. Click "Turn Off BitLocker" and click "Decrypt the Volume" to completely remove BitLocker protection. All of your data will be decrypted.
0
janhoedtAuthor Commented:
Bitlocker IS not enabled, that's the whole point/problem for me.
0
janhoedtAuthor Commented:
It tells me I need to enable bitlocker to write to it, but I cannot do this, since a bootable usb doesn't support bitlocker.
I need to disable the mechanism which enabled/triggers bitlocker @ whole.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

snusgubbenCommented:
Hi, I assume you have made a GPO to configure Bitlocker on your clients.

Since all Bitlocker settings are located under the "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption", you'll have to:

1. Create a new GPO where you "disable/not configured" the settings you made in your original Bitlocker GPO.
2. Create a new OU and link the new GPO to the new OU.
3. Move your PC to the new OU, and run gpupdate /force.

GPO settings made to "\Administrative Templates\" may be tattoed to the registry, so you have to revert them.
0
janhoedtAuthor Commented:
Thanks, well indeed that s what I did by removing from ou and gpupdate.
Now in fact the settings are tattoted and therefore this ticket to know howto undo.
0
snusgubbenCommented:
Did you create a new GPO?

The tattoed settings will not be reverted only by moving the computer to another OU. You'll have to create a new GPO if you want the settings reverted.

ie. your Bitlocker GPO says:

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\

Policy: Deny write access to removable drives not protected ny BitLocker
Settings: Enable

Your new GPO must then say:

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\

Policy: Deny write access to removable drives not protected ny BitLocker
Settings: Disabled / or not configured

You will then un-tattoo this setting.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
janhoedtAuthor Commented:
Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.