What GPO setting is causing my Win10 systems to auto-encrypt?
I have Win10 Pro ver1709 laptops and we are slowly applying Bitlocker to our laptops. My team has just started noticing Bitlocker would begin encrypting on their own (we do not have MBAM) if left in the OU with the GPO settings applied in the attached doc. It did not do this previously, everything I read online states auto-encryption requires MBAM or manual initialization to begin encryption. We have seen this happen on more than one laptop. Also, something we just started doing was using SecureBoot which required us to use UEFI on the laptop.
- my GPO settings are in the attached file.
- if it is because of a GPO, which GPO setting (only I would have changed the GPOs, and I have not changed anything) is causing the auto-initialization? I prefer to have the settings needed WITHOUT auto-encrypting, unless that's not an option. please advise.
BitlockerGPOsettings.docx
- my GPO settings are in the attached file.
- if it is because of a GPO, which GPO setting (only I would have changed the GPOs, and I have not changed anything) is causing the auto-initialization? I prefer to have the settings needed WITHOUT auto-encrypting, unless that's not an option. please advise.
BitlockerGPOsettings.docx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The selected answer is wrong. There are no ways apart from MBAM to auto-encrypt with bitlocker, so what you see is very likely rather "device encryption" and not bitlocker. Please read what device encryption is here:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10
ASKER