BitLocker Operating System Drives with TPM - can you require a key or password to unlock
We have configured BitLocker on our Operating System drives with TPM and saved both BitLocker recovery keys and backed up TPM to AD. I have been asked if there is any way to prevent an admin of the client from unlocking (decrypting) the drive unless the admin has some sort of password or key. I can find nothing on this. I understand this is possible with fixed or removable drives but not with OS drives. We have configured Group Policy to save keys to AD.
Thanks
July 13th, 2010 5:33pm
If the users are local administrators on their machines there are no ways to prevent anything, and preventing users from decrypting a BitLockered drive is one of the things you cannot prevent. The only solution is to make the users standard users.
Blogging about Windows for IT pros at www.theexperienceblog.com
July 14th, 2010 11:28am