Question How to have BitLocker not prompt user for password?

Mar 27, 2019
Hi, first time posting! I've been scouring the internet trying to figure this out but so far no luck, hoping someone can help. I'm testing BitLocker currently at my work and I've been tasked with setting it so that the laptops are encrypted, and when someone plugs a flash drive in it will encrypt it also, but without asking them for a password to remember.

Everything else was quite simple to set up...the OS encryption via Group Policy (AD 2012 domain), I have enabled BitLocker To Go as well. In that section of the GPO I enabled "Deny write access to removable drives not protected by BitLocker" and "Choose how BitLocker-protected removable drives can be recovered". With the latter, I clicked "Omit recovery options from the BitLocker setup wizard" and "Save BitLocker recovery information to AD DS for removable data drives".

So, currently the laptop is encrypted just fine....and when I plug a USB drive in, it warns me that it must be encrypted to be able to be written to, that's great...but after agreeing to it, it then wants a password. I'm hoping that it can prompt to encrypt, the user then tells it "ok" but the password is randomly generated and/or saved back up to AD vs it being up to each user to create and remember that password.

It seems like this would be quite easy...what am I missing?

Thanks for your time!!


This question is a bit confusing. What is the point of having encryption on the USB drive without a password? Then anyone can just plug it in and get to the files anyway. You don't buy a lock for a door then leave it unlocked all the time. How is this encrypted USB disk going to be "encrypted" if it is not asking for the decryption password? You can't link a USB disk to an AD account like you can a laptop that is actually added to the organization domain.