Consult the BitLocker Drive Encryptionĭeployment Guide on Microsoft TechNet for more information on suspending BitLocker protection. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removableĭata drive. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. This policy setting is applied when you turn on BitLocker. This policy setting controls the use of BitLocker on removable data drives. So maybe you shoud forbidden encryption on computer where you have regular userĬomputer configuration > administration templates > Windows component > Bit Locker Drive Encryption > Remuvable DivicesĪnd see all policy i gess you can use this one first one: The goal is that certain admins can encrpyt devices on their workstations and hand them out to regular users.īut regular users should not be allowed to encrypt devices on their own. Well this is pretty much what i want do accomplish. Ticked: Do not enavle BitLocker until recovery Info is stored."īut this does not give the required result. Ticked: Save Bitlocker recovery info to AD Choose how BtLocker-protected removable drives can be recovered : enabled We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. This workaround to temporarily disable BitLocker may put the data at risk. Ticked: Require password for removable data drive Warning: BitLocker Drive Encryption helps you protect your organization’s sensitive information by encrypting the data. Configure use of passwords for removable data drives : enabled Ticked: "Do not allow write access to devices configured in another organization" Deny write access to removable drives not protected by BitLocker : enabled Control of use of BitLocker on removable drives : enabled standard users can not encrypt usb sticks themself standard users can use encrypted usb sticks which were prestaged by admins within the corporate network I am trying to find a GPO settings combination which gives this result on Win7:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |