Cannot turn off BitLocker

  • Question

  • Hi all,

    I've been tasked with encrypting 20 or so laptops with BitLocker, keys held in AD. Most of them, previously unencrypted, were fine. Five machines had previously been BL encrypted using Sophos Endpoint to store the keys. I want to decrypt, remove the Sophos software, re-encrypt, and have the keys appear in AD, so I removed Tamper Protection from the Sophos central management console first. The first two were fine; the rest won't decrypt. I've tried it through Control Panel and through CMD, and the result is the same. The BitLocker window goes from Encrypted to Decrypting, to Encrypting, and then back to Encrypted. All this takes about five seconds. There are no errors in the logs, just the standard events. I've raised the issue with Sophos, but given that I've turned off tamper protection and confirmed locally, I think this may be a Windows thing.

    Any advice/ideas welcome.


    Monday, November 11, 2019 11:44 AM

All replies

  • Since natively in Windows there is no enforcement of encryption, that will still be Sophos (maybe a bug).

    In Windows alone, you would need to use scripts or MBAM to enforce encryption; thus, there is no way to work against your attempt to decrypt unless you had enforced it knowingly.

    Monday, November 11, 2019 2:01 PM
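An added PowerShell example, not code from either poster or from Sophos, that does from the admin side what the two posts discuss: it snapshots the volume, lists any BitLocker policy values a management agent may have written under the Windows FVE policy key, starts the decrypt, records every status transition (the Encrypted / Decrypting / Encrypting / Encrypted cycle the question describes would show up as a trace), pulls the BitLocker management log if the decrypt was reverted, and finally escrows the recovery password to AD and confirms the msFVE-RecoveryInformation object exists. It assumes an elevated session on a domain-joined Windows 10 client with the BitLocker and RSAT ActiveDirectory modules present; the mount point and the 60-second watch window are placeholder choices.

```powershell
# Added example for this thread; assumptions: elevated PowerShell, domain-joined client,
# BitLocker module present, RSAT ActiveDirectory module present for the AD check.
param(
    [string]$MountPoint   = "C:",   # placeholder: the OS volume under test
    [int]   $WatchSeconds = 60      # placeholder: how long to watch for status flips
)

function Get-BLSnapshot {
    # One-line summary of the volume's current BitLocker state.
    $v = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        Time       = Get-Date -Format "HH:mm:ss"
        Status     = $v.VolumeStatus        # FullyEncrypted / DecryptionInProgress / EncryptionInProgress / FullyDecrypted
        Protection = $v.ProtectionStatus    # On / Off
        Percent    = $v.EncryptionPercentage
        Protectors = ($v.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ","
    }
}

Write-Host "Before:"
Get-BLSnapshot | Format-Table -AutoSize

# Windows itself only "enforces" BitLocker through policy; anything under this key
# was put there by Group Policy or a management agent and is worth reading first.
$fve = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"
if (Test-Path $fve) {
    Write-Host "BitLocker policy values present under ${fve}:"
    Get-ItemProperty -Path $fve | Format-List
} else {
    Write-Host "No BitLocker policy values under $fve."
}

# Start the decrypt and record every status transition for $WatchSeconds.
Disable-BitLocker -MountPoint $MountPoint | Out-Null
$trace    = @()
$last     = $null
$deadline = (Get-Date).AddSeconds($WatchSeconds)
while ((Get-Date) -lt $deadline) {
    $s = Get-BLSnapshot
    if ($s.Status -ne $last) { $trace += $s; $last = $s.Status }
    if ($s.Status -eq "FullyDecrypted") { break }
    Start-Sleep -Seconds 1
}
Write-Host "Observed transitions:"
$trace | Format-Table -AutoSize

if ($trace.Count -gt 1 -and $trace[-1].Status -eq "FullyEncrypted") {
    Write-Warning "Decrypt was reverted: something re-enabled BitLocker on $MountPoint."
    # BitLocker's own operational log shows which component drove the Enable/Disable calls.
    Get-WinEvent -LogName "Microsoft-Windows-BitLocker/BitLocker Management" -MaxEvents 25 |
        Select-Object TimeCreated, Id, Message | Format-Table -Wrap
}

# Once the machine is encrypted under Windows alone, push the recovery password to AD
# and confirm the msFVE-RecoveryInformation object exists under the computer account.
$v  = Get-BitLockerVolume -MountPoint $MountPoint
$rp = $v.KeyProtector | Where-Object KeyProtectorType -eq "RecoveryPassword"
if ($v.VolumeStatus -eq "FullyEncrypted" -and $rp) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
    $dn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName
    Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $dn -Properties whenCreated |
        Select-Object Name, whenCreated   # object name only; the recovery password itself is not printed
}
```

If the trace ends back at FullyEncrypted after passing through DecryptionInProgress and EncryptionInProgress, the decrypt was reverted by something outside the Windows policy shown above, which is the case the reply attributes to the third-party agent. If the trace never leaves FullyEncrypted, the Disable-BitLocker call itself was refused and the policy key output is the first place to look.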