Deploy BitLocker encryption to Active Directory users with GPO

ARUN xv 6 Reputation points
2022-08-31T11:26:33.553+00:00

Hi,

I am trying to deploy BitLocker encryption automatically to Active Directory users through GPO. The users must have TPM enabled and it should be hardware-based BitLocker encryption. I also don't want any pre-boot authentication (BitLocker password). I only want to encrypt the drives of the users, and the recovery key must be asked for when the storage is removed and attached to other devices. It would be very helpful if anyone can guide me to automate the encryption in GPO. Thank you.

Windows Server
Windows 10 Security

2 answers

  1. JimmySalian-2011 42,071 Reputation points
    2022-08-31T11:48:05.133+00:00

    Hi,

    I think you can achieve this via GPO, and you will also need to test this on a device before you roll out to all the users; best practice is to test on a device, back up the recovery keys and try to decrypt the process.

    bitlocker-group-policy-settings

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. JimmySalian-2011 42,071 Reputation points
    2022-08-31T12:09:42.607+00:00

    Hi Arun,

    How about the out-of-box experience and enabling BitLocker? oem-bitlocker There are pre-reqs and some steps to enable this; check the link.

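
The GPO route from the first answer, sketched as an added example that is not part of the thread or of the linked Microsoft documentation: a script that enables TPM-only BitLocker on the OS drive and escrows the recovery password in AD DS before encryption starts. Assumptions: it is delivered as a GPO computer startup script (runs as SYSTEM), the BitLocker policy allows storing OS-drive recovery information in AD DS, and XTS-AES 256 is the chosen cipher.

```powershell
# Added example, not from the thread. Assumed delivery: GPO computer startup
# script (runs as SYSTEM). Assumed policy: BitLocker recovery information for
# OS drives may be stored in AD DS.
$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive

# Requirement from the question: only machines with a usable TPM are encrypted.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Warning "TPM not present or not ready on $env:COMPUTERNAME; skipping."
    exit 1
}

# A startup script runs on every boot, so do nothing if the volume is
# already encrypted or encryption is in progress.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Output "$mount is $($vol.VolumeStatus); nothing to do."
    exit 0
}

# Reuse a recovery password left by an earlier, interrupted run; otherwise add one.
$rp = $vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
if (-not $rp) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
}

# Escrow the recovery password in AD DS before encrypting. With
# ErrorActionPreference = 'Stop', a failed backup aborts the script here,
# so no drive is encrypted without a recoverable key.
Backup-BitLockerKeyProtector -MountPoint $mount `
    -KeyProtectorId $rp.KeyProtectorId | Out-Null

# TPM-only protector: no PIN or password at boot. The key is bound to this
# machine's TPM, so the drive asks for the recovery password when attached
# to another device.
Enable-BitLocker -MountPoint $mount -TpmProtector `
    -EncryptionMethod XtsAes256 -SkipHardwareTest | Out-Null
```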