BitLocker - Lockout Policy
Hi, Apologies if this has been answered, but is there a policy that exists to enable some kind of lockout in BitLocker if the user does not check in? Currently using BitLocker with TPM with keys going to AD. I have been looking to see if there is a policy that would ensure the machines would lock out after x amount of days (if not logged back on to the network). From what I have read and seen, there is not, but would like to know for sure. Thanks. EDIT: Running Windows 7 Enterprise SP1
February 22nd, 2012 3:21am

Hi, I do not understand your real meaning, please provide more information about your request. Meanwhile, I would like to share the information about BitLocker Group Policy: Best Practices for BitLocker in Windows 7
Alex Zhao, TechNet Community Support
February 24th, 2012 12:34am

Hi Alex, Apologies for the delayed reply. Thanks for the links, I've read the best practice already. Basically, what I am trying to say is: if I was encrypting a laptop using TPM, would it be possible for this to lock itself down (when I say lock, I mean no one can get back into the machine other than an administrator to unlock)? This lockout could be set to, say, 30 days if this had not been logged into our domain. This would be beneficial if the equipment was lost/stolen. I cannot see anything in group policy, so I'm guessing not (TPM + PIN kind of takes care of the above to a degree, yes?). Many thanks
March 20th, 2012 4:36am

This topic is archived. No further replies will be accepted.
