Enforcing Bitlocker via GPO does not prevent users who are local admins from turning this off


I have setup Bitlocker for my AD Domain joined Windows 10 Pro laptop clients to turn on Bitlocker.


I have even configured the recovery key to be stored against the machine name in ADUC.


However, I have noticed, there is nothing to stop local admins of the laptop from stopping Bitlocker.


Has anyone come across this as once stopped , my GPO doesn't seem to force it back on.


Any advice would be helpful.


0 Replies