I'm using manage-bde.exe to allow some power user to encrypt their USB Stick.
I have a DC (Windows Server 2012 R2) with 100 hunder windows 10 pro laptpos.
The users don't have admin privlege on their machines.
I found that changing WMI privilege manually (ROOT>CIMV2>Security>Micro
) and adding manually the specif account and giving him "execute method" privilege allow the user to run the encryption without possessing admin rights.
I'm trying to create a script that I'm going to push via GPO to apply the needed changes.
I tried using this method
I can dump the privlege. Applying them give no errors but no changes are done.
Both operations are done with local admin account.