Enabling Bitlocker encryption on domain computers

ARUN xv 1 Reputation point
2022-08-31T11:08:22.777+00:00

Is there a way to automate full disk encryption with GPO on active directory users with TPM enabled??

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,211 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 37,526 Reputation points
    2022-09-05T07:34:24.007+00:00

    Hello

    Thank you for your question and reaching out.

    Yes, If your client computers has TPM enabled you can archive this using GPO.

    These settings are available in Local Group Policy Editor, under the section Administrative Templates > Windows Components > BitLocker Drive Encryption.

    GPO contains a lot of settings, so we will highlight only those that are likely to be of major interest to MSPs:

    Enable and allow network unlock at startup.
    Ability to choose additional startup authentication.
    Configure password settings and requirements. You can also configure passwords using a policy for removable drives.
    Control access and usage of removable drives not protected by BitLocker.
    Change hardware-based encryption settings for local drives.

    Reference :

    https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings

    ---------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

  2. ARUN xv 1 Reputation point
    2022-09-05T08:28:19.513+00:00

    Thank you for reaching out.

    I have tried this method. But I have to manually enable BitLocker on every PC to start the encryption process. the GPO that I applied does not automatically make the encryption.