This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 39%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Hello, i have a few question about SCCM Bitlocker .
I now got encrypted C: drive but some computer have D; drive is there a possibility to do this with policy?
Or should i use -> manage-bde -on d: command in powershell?
I enter and see this on helpdesk portal
But my colleague see this?
How could this be possible? we are in one group -- This one i fixed the user was domain admin user, but no in the group.
Also when connecting to helpdesk portal is there a possibility to remove authentication window? So i could authorize immediately?
And when i'm connecting to the helpdesk portal i've been asking for client Certificate instead of login\pass
Ok thank but.
If now i have SCCM collection to which is deployed SCCM Bitlocker Management policy without fixed drive options.
If i change this policy then it will apply for all workstations in this collection there are 400+ workstations.
But really i have only 5 with 2 partitions - that will be encrypted.
What will happen to other 395 workstations? - Policy will show non-compliant? <- if so then there will not be new Bitlocker keys in sccm sql DB and other workstation that will not have 2nd partition will not be able to escrow the key.
Or i need to create separate collection and deploy this new policy with fixed drive to them?
Yes, your understand is correct. We should create separate group for the PCs which have 2 partitions to apply above group policies.
Question 1: No.
Question 2: Yes.
About Q1, there is not a GPO can modify/control portal, we can’t make User Domain and User ID become optional options.
About Q2, you could try the following steps:
1.) Configure use of Passwords for fixed data drives : disabled
2.) Fixed data drives encryption Settings: enabled -> Require Auto-Unlock
3.) Encryption Policy Enforcement Settings:enabled -> grace period as you like , i set it to 0
4.)Choose how Bitlocker protected Drives can be recovered: I think you have to enable and configure this too and check the "Omit recovery Options ..." Checkbox.
Source:
https://social.technet.microsoft.com/Forums/en-US/9849abe2-d257-43de-8f00-72254daf5694/mbam-gpo-settings-to-encrypt-multiple-hard-drives?forum=mdopmbam
-------------------------------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.