BitLocker - Lockout Policy


  • Hi,

    Apologies if this has been answered. Is there a policy that exists to enable some kind of lockout in BitLocker if the user does not check in? Currently using BitLocker with TPM with keys going to AD. I have been looking to see if there is a policy that would ensure the machines would lock out after x amount of days (if not logged back on to the network). From what I have read and seen, there is not, but I would like to know for sure.


    EDIT: Running Windows 7 Enterprise SP1

    Wednesday, 22 February 2012 08:11


All replies

  • Hi,

    I do not understand your real meaning, please provide more information about your request.

    Meanwhile, I would like to share the information about BitLocker Group Policy:

    Best Practices for BitLocker in Windows 7

    Alex Zhao

    TechNet Community Support

    Friday, 24 February 2012 05:30
  • Hi Alex,

    Apologies for the delayed reply. Thanks for the links, I've read the best practice already. Basically, what I am trying to say is: if I was encrypting a laptop using TPM, would it be possible for this to lock itself down (by lock, I mean no one can get back into the machine other than an administrator to unlock)? This lockout could be set to, say, 30 days if this had not been logged into our domain? This would be beneficial if the equipment was lost/stolen.

    I cannot see anything in group policy, so I'm guessing not (TPM + PIN kind of takes care to a degree of the above, yes?)

    Many thanks

    Tuesday, 20 March 2012 08:25