none
MBAM: encryption of external device not possible

    คำถาม

  • Hallo everyone,

    we have set up MBAM in our test environment. The encryption of the OS drive on the client machine works fine, but it is not possible to encrypt an external device.

    Our MBAM Group Policy for "Removable Drive" is:

    Control use of BitLocker on removable drives: Enabled

    • Allow users to apply BitLocker protection on removable data drives
    • Allow users to suspend and decrypt BitLocker protection on removable data drives

    Configure use of passwords for removable drives: Enabled

    • Require password for removable drive
    • Allow password complexity
    • Minimum password length for removable data drive: 8

    If I select the removable drive in the Windows Explorer - right mouse click, there is no entry "BitLocker Encryption Options" like on the OS drive.

    In the "Control Panel" - "BitLocker Encryption Options", under "BitLocker Drive Encryption - External drives" the following text is displayed: "E: Encryption Off".

    Additional info:
    I have hidden the original BitLocker Control Panel item (Group policy: User Configuration - Policies - Administrative Templates - Control Panel - "Hide specified Control Panel item: "Microsoft.BitLockerDrive Encryption").
    Also I have set the following registry key on the MBAM Server:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] "DisableMachineVerfication"=dword:0000000]

    Thanks a lot for your help!

    Regards,
    Renate

    • แก้ไขโดย RenateL 13 มิถุนายน 2555 14:34
    13 มิถุนายน 2555 14:18

ตอบทั้งหมด

  • Hello,

    I found the advice in another thread, that it is neccessary to set the following in the MBAM group policy for "Removable Drive":

    • Deny write access to removable drives not protected by BitLocker: Enabled

    It seems like this setting is neccessary, so that the BitLocker encryption starts for the external device.

    But is there no possibility to not force the user to encrypt his drive, but to let him choose if he want to or not?

    Regards,
    Renate

    14 มิถุนายน 2555 8:07