Enforcing Bitlocker via GPO does not prevent users who are local admins from turning this off

Contributor

I have setup Bitlocker for my AD Domain joined Windows 10 Pro laptop clients to turn on Bitlocker.

 

I have even configured the recovery key to be stored against the machine name in ADUC.

 

However, I have noticed, there is nothing to stop local admins of the laptop from stopping Bitlocker.

 

Has anyone come across this as once stopped , my GPO doesn't seem to force it back on.

 

Any advice would be helpful.

 

0 Replies