Vista - Is there a way to completely disable the bitlocker options through

We do not want to use bit locker in our company, and don't want the rogue
person to setup bitlocker and us not be able to recover data for them.

Is there a way to completly disable the bitlocker options though a GPO?

Thank you

Search Microsoft's TechNet and MSDN resources for Active Directory and
BitLocker - there are many documents available on this subject including a
guide to configuring BitLocker through Active Directory.

--
Richard G. Harper [MVP Shell/User] rgharper@xxxxxx
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"Whitefearn" <Whitefearn@xxxxxx> wrote in message
news:887FDF34-97F1-4BED-BFF2-2F8EC82B982A@xxxxxx

I have seen quite a few posts regarging configuring it, but not disabling it
completely, so i was hoping someone might have a few ideas of pieces of it
that i could block or disable that would make the process difficult to
implement.

Thanks

"Richard G. Harper" wrote:

I didn't have time to read all the documents I found, but in general if you
can configure it via Active Directory, that includes the ability to disable
it.

--
Richard G. Harper [MVP Shell/User] rgharper@xxxxxx
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"Whitefearn" <Whitefearn@xxxxxx> wrote in message
news:9B952496-60AC-41DF-B755-D362C1EBDC1E@xxxxxx

Whitefearn--

No, there is no specific GPO for preventing the use of BitLocker.

If user's aren't running as local administrators, then they can't enable
BitLocker anyway, so there's one way to prevent it. A more complicated way
would be to configure the group policy that requires backing up keys to
Active Directory but then don't do AD setup required for this -- thus
guaranteeing BitLocker installation failure.

I am curious, though -- why do you not want to take advantage of one of the
most important features available for protecting mobile data on laptops?

--
Steve Riley
steve.riley@xxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Richard G. Harper" <rgharper@xxxxxx> wrote in message
news:EB3EEFBC-DD12-4E9E-9F87-D2F833AACEC5@xxxxxx

Most of it's internal politics.

We are in the Medical Industry (HIPPA is a huge concern) and chose Safeboot
as our encryption solution last year. So there is a "we already spent the
time and money to do this...." mentality.

Also, there are folks who think because it is Microsoft, there will be
security holes in it. Couple that with it being the "first model year" of the
product they don't feel we should jump on that bandwagon untill it is proven.

"Steve Riley [MSFT]" wrote:

Well, let me assure you, the BitLocker code underwent serious scrutiny
before we released it. Also, to allay another worry your organization might
have, there are no back doors, period:
http://blogs.technet.com/steriley/ar...ocker-too.aspx

Do your users run as local admin? If not, then as I wrote before, they can't
enable BitLocker anyway, so no worries.

--
Steve Riley
steve.riley@xxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Whitefearn" <Whitefearn@xxxxxx> wrote in message
news:CC05D417-A2B5-4979-8FA9-F7B90745DF93@xxxxxx