[AD Bitlocker/Network unlock] Can enforce AD unlock USB drive?

Alceatraz Warprays 1 Reputation point
2020-07-28T08:51:30.703+00:00

Hello:

In the domain, all computers use BitLocker and are unlocked by, and only by, Network Unlock.

Here is what I want to achieve:

When any employee uses removable media, they are required to use a BitLocker-protected USB drive, and those drives are unlocked by, and only by, the domain. In other words: they can't take any data out of the domain.

As far as I know, there are

RDVDenyWrite=1

and

RDVDenyCrossOrg=1

to prevent writing to unprotected drives.

The point is:

Can AD take over the USB drive encryption certificate, deny the user the option of entering a password, using a smart card or even printing the recovery key, so that the only way to unlock the drive is to plug it into a computer in the domain?

Can Active Directory achieve that? And how?

Thanks!
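As an added illustration (not part of the question or of Microsoft's answer), the following PowerShell audit reads the removable-drive policy values the question refers to and reports whether the attached removable volumes are actually BitLocker-protected and which key protectors they carry. It assumes Group Policy writes these values under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` with the value names `RDVDenyWriteAccess`, `RDVDenyCrossOrg` and `IdentificationFieldString`, and that it runs elevated on a domain-joined Windows 10 client with the BitLocker module installed.

```powershell
# Added example: audit the BitLocker removable-drive policy and attached drives.
# Assumption: Group Policy stores the settings under this key with these value names.
$fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue {
    param([string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $fvePolicy -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Policy checks: the two values from the question plus the organisation
# identification field, without which RDVDenyCrossOrg cannot tell "our"
# drives from anyone else's.
$checks = [ordered]@{
    'Deny write access to unprotected removable drives' = (Get-FvePolicyValue 'RDVDenyWriteAccess') -eq 1
    'Deny write access to drives from other organisations' = (Get-FvePolicyValue 'RDVDenyCrossOrg') -eq 1
    'Organisation identification field configured'       = -not [string]::IsNullOrEmpty((Get-FvePolicyValue 'IdentificationFieldString'))
}

foreach ($check in $checks.GetEnumerator()) {
    $state = if ($check.Value) { 'OK' } else { 'MISSING' }
    Write-Output ('{0,-8} {1}' -f $state, $check.Key)
}

# Drive checks: list each removable volume with a drive letter, its BitLocker
# protection status and its key protector types. A drive that still carries a
# Password or RecoveryPassword protector can be unlocked outside the domain,
# which is exactly the gap the question is asking about.
$removable = Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }
foreach ($vol in $removable) {
    $mount = '{0}:' -f $vol.DriveLetter
    $bl = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    if ($null -eq $bl) {
        Write-Output ('{0} not a BitLocker volume' -f $mount)
        continue
    }
    $protectors = ($bl.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
    if ([string]::IsNullOrEmpty($protectors)) { $protectors = 'none' }
    Write-Output ('{0} protection {1}, protectors: {2}' -f $mount, $bl.ProtectionStatus, $protectors)
}
```

The policy half confirms that the settings from the question are actually applied on the client; the drive half shows why they alone do not meet the goal, since every protected drive still needs some protector a user can present.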


2 answers

  1. Daisy Zhou 18,716 Reputation points Microsoft Vendor
    2020-07-29T07:55:45.453+00:00

    Hello,
    Thank you for posting here.

    There is no such function in AD. Perhaps there is third-party security software that can fulfill your needs.

    If we want to prevent employees from taking any data out of the domain, the way we suggest is to not allow employees to use any removable devices at the office.

    Best Regards,
    Daisy Zhou
