Hello,
Thank you for posting in Q&A forum.
To create a GPO that runs the "manage-bde -off c:" command in the background, you can follow these steps:
- Open "Group Policy Management", right-click the organizational unit (OU) where you want to apply the policy, and then select "Create GPO in this domain, and link it here".
- Name the GPO and click "OK".
- Right-click the newly created GPO and select "Edit".
- Navigate to "Computer Configuration" > "Policies" > "Windows Settings" > "Scripts (Startup/Shutdown)".
- Double-click "Start", click "Add", and then click "Browse".
- In the new window, right-click and create a new text document. Rename it to "DisableBitLocker.ps1" (make sure to change the extension to .ps1).
- Edit the .ps1 file and add the following code lines:
powershell $command = 'manage-bde -off c:' invoke-expression $command
- Save and close the file.
- In the "Startup Properties" window, select the .ps1 file, and then click "OK".
- Close the Group Policy Management editor and link the GPO to the appropriate OU.
After the GPO configuration is complete, it may take some time for it to be applied to the target computer. So, execute the gpupdate /force command on the target machine to force the group policy update, immediately applying the new Settings.
Rolling back BitLocker encryption may result in data loss, so exercise caution.
I hope the information above is helpful.
Best Regards,
Yanhong Liu
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.