Is it possible to completely disable the bit locker feature such as a Group Policy or some other way. I am looking for this feature for an Enterprise need. This is because we do not want people encrypting drives and then having the IT department locked out of the computer if they are forced to leave the company. We want a way that users will have no access to the Bitlocker application.

Hello Bubbatb007,There are several GPOs in Windows Server 2008 related to BitLocker and user rights but a different suggestion would be to set a Data Recovery Agent such as the admins group. This would enable admins to decrypt data in a situation such as yours.

There is no GPO that specifically blocks access to enabling and disabling bitlocker as a whole,because:1. It requires Administrator rights to start and configure. 2. If bitlockerwere turned on by it, you would have thousands of users suddenly being forced to somehow use and configure bitlocker correctly.Don't make your users administrators. If they are admins, a GP will not stop them from configuring bitlocker, regardless. And Samcp1123 is right, make sure that if anyone does use bitlocker that all key data is backed up in AD. That is definitely controlled through GP. To find group policies that are possible to use in Vista or later, open a policy, right click an administrative templates node, and select 'filter options'. Then you can search for anything that might be in policy. This works in local policy withGPEDIT.MSC and domain GP through GPMC.Ned Pyle [MSFT] - MS Enterprise Platforms Support - Beta Team