BitLocker GPO not forcing encryption

    Question

  • Hey everyone,

    I am in the process of using BitLocker to encrypt my company's ~500 computers. I successfully was able to encrypt 12 a couple weeks ago but had to stop due to a complication with the computer requesting the recovery key when a computer's docked status would change. Now that I have "fixed" that I am trying to encrypt more but the encryption process won't kick off. The GPO I set up is being applied to the system and these are the steps I took before to start the process:

    • Boot into BIOS and turn on TPM
    • Install MBAM Client
    • Initialize TPM and provide master password in Windows 7
    • Verify that GPO is being applied
    • Wait for encryption to start.

    Before, it would only take a minute or two to start encrypting. My GPO is set up like so:

    • I have my GPO set up to force encryption at 0.
    • Saves recovery key to AD DS
    • Waits to encrypt until key is saved to AD DS
    • Used space encryption

    Any ideas what could be preventing this from encrypting?

    June 4, 2018 14:02

All replies

  • Hi,

    "Now that I have "fixed" that I am trying to encrypt more but the encryption process won't kick off"

    Do you mean there is no reaction after you turn on BitLocker on other client machines?

    How did you turn on BitLocker?

    Did any error message or error code occur during your action?

    Does the issue occur on multiple devices?

    Here is a link about how to enable BitLocker with Group Policy on Windows 7; please refer to it to check your steps.

    https://blogs.technet.microsoft.com/askcore/2010/02/16/cannot-save-recovery-information-for-bitlocker-in-windows-7/

    We could also check whether BitLocker can be enabled manually by right-clicking the drive and choosing Turn on BitLocker.

    Bests,



    June 5, 2018 10:12
    Moderator
  • I have Group Policy set to enforce the encryption immediately if everything checks out OK. Meaning, if the TPM is on and initialized, BitLocker would start encrypting automatically, which it did before I disabled the GPO.

    This issue does occur on any device that I set up to encrypt with BitLocker.

    There are no error messages whatsoever. It just doesn't start.

    I can encrypt just fine by manually starting it, which is the route I'm going to have to take at this point, and it saves the credentials to Active Directory successfully.

    I've used that guide in my time working on this.

    June 8, 2018 20:33
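
A read-only check of the preconditions listed in the question (TPM on and initialized, MBAM client installed, GPO applied, encryption state), added here as an example and not posted by anyone in the thread. The MBAM service name, the policy registry paths and the MBAM event log name are assumptions about a default MBAM client install; run it elevated on an affected Windows 7 client.

```powershell
# Added example: collects the state of each prerequisite without changing anything.
# Assumed names (not from the thread): service 'MBAMAgent', the FVE policy keys,
# and the 'Microsoft-Windows-MBAM/Admin' event log of a default MBAM client install.
$report = @{}

# 1. TPM turned on in BIOS and initialized (owned) in Windows
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($tpm) {
    $report['TPM enabled']   = $tpm.IsEnabled_InitialValue
    $report['TPM activated'] = $tpm.IsActivated_InitialValue
    $report['TPM owned']     = $tpm.IsOwned_InitialValue
} else {
    $report['TPM'] = 'not visible to Windows'
}

# 2. MBAM client installed and its service running
$svc = Get-Service -Name 'MBAMAgent' -ErrorAction SilentlyContinue
$report['MBAM service'] = if ($svc) { $svc.Status } else { 'not installed' }

# 3. Policy actually delivered to the registry (BitLocker and MBAM keys)
foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\FVE',
                 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement') {
    $report["Policy key $key"] = Test-Path $key
}
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$report['Require AD DS backup (OS drive)'] = $fve.OSRequireActiveDirectoryBackup

# 4. Current state of the OS volume
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                     -Class Win32_EncryptableVolume `
                     -Filter "DriveLetter='$env:SystemDrive'" -ErrorAction SilentlyContinue
if ($vol) {
    # ConversionStatus: 0 = fully decrypted, 1 = fully encrypted, 2 = encryption in progress
    $report['Conversion status'] = $vol.GetConversionStatus().ConversionStatus
    # ProtectionStatus: 0 = off, 1 = on
    $report['Protection status'] = $vol.ProtectionStatus
} else {
    $report['OS volume'] = 'not readable (run elevated)'
}

$report.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize

# 5. With no on-screen error, the MBAM client's own log is the next place to look
Get-WinEvent -LogName 'Microsoft-Windows-MBAM/Admin' -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```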