I'm using manage-bde.exe to allow some power user to encrypt their USB Stick.
I have a DC (Windows Server 2012 R2) with 100 hunder windows 10 pro laptpos.
The users don't have admin privlege on their machines.
I found that changing WMI privilege manually (ROOT>CIMV2>Security>Micro
fostVolume
Encryption
) and adding manually the specif account and giving him "execute method" privilege allow the user to run the encryption without possessing admin rights.
I'm trying to create a script that I'm going to push via GPO to apply the needed changes.
I tried using this
method without success.
I can dump the privlege. Applying them give no errors but no changes are done.
Both operations are done with local admin account.
Thanks.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.