BitLocker Operating System Drives with TPM - can you require a key or password to unlock
We have configured BitLocker on our Operating System drives with TPM and saved both Bitlocker recovery keys and backed up TPM to AD. I have been asked if there is anyway to prevent an admin of the client from unlocking (decrypting) the drive unless the admin has some sort of password or key. I can find nothing on this. I understand this is possible with fixed or removeable drives but not with OS drives. We have configured Group Policy to save keys to AD. Thanks
July 13th, 2010 5:33pm

If the users are local administrators on their machines there are no ways to prevent anything, and preventing users decrypting a bitlockered drive is one of the things you cannot prevent. The only solution is to make the users standard users.Blogging about Windows for IT pros at www.theexperienceblog.com
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2010 11:28am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics