Hi,
Is there any way to enable BitLocker (activate BitLocker without encryption of boot volume) with use of GPO?
We want to use Password as the authentication method (no TPM).
Thanks,
Lukasz
Not without encryption of boot volume, and only on TPM-less machines, and only on Windows 8 and later.
Using an unencrypted boot volume, by the way, is asking for everyone with physical access to the machine to become local admin, and/or add key loggers, screen grabbers, RAM scrapers and data exfiltrators.
“First things first, but not necessarily in that order” – Doctor Who
I think I was misunderstood; we wanted to activate BitLocker from GPO and then use the device encryption policy deployed from the SGN server to encrypt the volumes.
My assumptions were, however, incorrect, as I didn't know that after installing the SGN client on a Windows 10 machine (BitLocker disabled) it will enable BitLocker and apply policies from the SGN server, so GPO changes are needed in case we have to use a password and there is no TPM.
You can set TPM or TPM + PIN as Bitlocker Logon Mode for Boot Volumes, and Password as Bitlocker Fallback Logon Mode for Boot Volumes, so Windows 10 machines without a proper TPM will use a password.
“First things first, but not necessarily in that order” – Doctor Who
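An added example, not part of the thread: a read-only PowerShell check of whether a machine is in the state discussed above, with no usable TPM and the Windows policy that permits a password protector on the boot volume. It assumes the GPO in question is the standard "Require additional authentication at startup" setting with "Allow BitLocker without a compatible TPM" enabled, which writes the `UseAdvancedStartup` and `EnableBDEWithNoTPM` values read below; it does not inspect the SGN policy itself.

```powershell
# Added example: read-only check, run from an elevated PowerShell prompt.
# Assumption: the password-without-TPM setting comes from the GPO
# "Require additional authentication at startup" (operating system drives),
# which stores its values under the FVE policy key.
$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue {
    param([string]$Name)
    # Returns $null when the policy key or value is not configured.
    $item = Get-ItemProperty -Path $fvePath -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$advancedStartup = Get-FvePolicyValue -Name 'UseAdvancedStartup'
$allowNoTpm      = Get-FvePolicyValue -Name 'EnableBDEWithNoTPM'
$policyAllowsPassword = ($advancedStartup -eq 1) -and ($allowNoTpm -eq 1)

# Treat a missing result the same as "no usable TPM".
$tpm = Get-Tpm -ErrorAction SilentlyContinue
$tpmUsable = ($null -ne $tpm) -and $tpm.TpmPresent -and $tpm.TpmReady

# Current state of the boot volume and the protector types already on it.
$osVolume   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$protectors = @($osVolume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    TpmUsable            = $tpmUsable
    UseAdvancedStartup   = $advancedStartup
    EnableBDEWithNoTPM   = $allowNoTpm
    PolicyAllowsPassword = $policyAllowsPassword
    ProtectionStatus     = $osVolume.ProtectionStatus
    VolumeStatus         = $osVolume.VolumeStatus
    KeyProtectors        = $protectors -join ', '
}

if (-not $tpmUsable -and -not $policyAllowsPassword) {
    Write-Warning 'No usable TPM and the policy does not allow BitLocker without one: a password protector cannot be applied to the boot volume.'
}
if ($osVolume.ProtectionStatus -ne 'On') {
    Write-Warning 'Boot volume is not protected by BitLocker.'
}
```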