Hi, first time posting! I've been scouring the internet trying to figure this out but so far no luck, hoping someone can help. I'm testing BitLocker currently at my work and I've been tasked with with setting it so that the laptops are encrypted, and when someone plugs a flash drive in it will encrypt it also, but without asking them for a password to remember.
Everything else was quite simple to setup...the OS encryption via Group Policy (AD 2012 domain), I have enabled Bitlocker to Go as well. In that section of the GPO I enabled "Deny write access to removable drives not protected by BitLocker" and "Choose how BitLocker-protected removable drives can be recovered". With the latter, I clicked "Omit recovery options from the BitLocker setup wizard" and "Save BitLocker recovery information to AD DS for removable data drives".
So, currently the laptop is encrypted just fine....and when I plug a USB drive in, it warns me that it must be encrypted to be able to be written to, that's great...but after agreeing to it, it then wants a password. I'm hoping that it can prompt to encrypt, the user then tells it "ok" but the password is randomly generated and/or saved back up to AD vs it being up to each user to create and remember that password.
It seems like this would be quite easy...what am I missing?
Thanks for your time!!
Everything else was quite simple to setup...the OS encryption via Group Policy (AD 2012 domain), I have enabled Bitlocker to Go as well. In that section of the GPO I enabled "Deny write access to removable drives not protected by BitLocker" and "Choose how BitLocker-protected removable drives can be recovered". With the latter, I clicked "Omit recovery options from the BitLocker setup wizard" and "Save BitLocker recovery information to AD DS for removable data drives".
So, currently the laptop is encrypted just fine....and when I plug a USB drive in, it warns me that it must be encrypted to be able to be written to, that's great...but after agreeing to it, it then wants a password. I'm hoping that it can prompt to encrypt, the user then tells it "ok" but the password is randomly generated and/or saved back up to AD vs it being up to each user to create and remember that password.
It seems like this would be quite easy...what am I missing?
Thanks for your time!!