1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved Bitlocker GPO does not push all settings to local machine

Discussion in 'Windows Server' started by NateRD82, Sep 29, 2017.

Advertisement
  1. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    7
    If not the right forum please move.

    Trying to setup a Group Policy for Bitlocker Encryption. I have set my policy on my Server 2008R2 box and added my username to the OU and applied my policy to that OU. I run a gpupdate /force on my machine and it receives only these settings. Under Admin Temp > Windows Components > BitLocker Encryption > OS Drives > Require additional auth @ setup and allow enhanced PINs for startup. My GPO has those 2 and more enabled but they are coming over.

    Thoughts?
     
  2. Sponsor

  3. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    7
  4. lochlomonder

    lochlomonder

    Joined:
    Jul 24, 2015
    Messages:
    1,595
    Try assigning the GPO to the Computer OU, as opposed to the User OU. Run gpupdate /force on the specified machine and then do a reboot.
     
  5. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    7
    upload_2017-10-10_15-37-56.png

    As you can see after I ran gpupdate I have some things enabled, but not everything the same.
     
  6. lochlomonder

    lochlomonder

    Joined:
    Jul 24, 2015
    Messages:
    1,595
    I don't understand what you mean by this statement. The same as what, precisely?
     
  7. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    7
    In the image above, the GPO Editor on the AD has 3 enabled settings, whereas, the Local GPO Editor on my machine only has 2 enabled settings. There are other examples but I just gave this screenshot. As you can see The GPO on the server is not pushing everything to the Local machine. Is this a bitlocker issue?
     
  8. lochlomonder

    lochlomonder

    Joined:
    Jul 24, 2015
    Messages:
    1,595
    Open up a CLI and run the following command: gpresult /h c:\gpresults.html. This will create an HTML file where you can view the group policy results, so go to the root of the drive and open the file in your browser. This will give you information on the policies which are being applied successfully and show which, if any, are failing.
     
  9. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    7
    Here is the results. Looks like its enabled but as you can see "Configure use of passwords for fixed data drives" is not configured. Whereas, the GPO for that is set to enabled.

    upload_2017-10-11_11-57-34.png
     
  10. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    7
  11. lochlomonder

    lochlomonder

    Joined:
    Jul 24, 2015
    Messages:
    1,595
    Sorry, been busy with other things. The output from gpresult shows the GPO is applying properly. Don't worry about the Local Group Policy Editor, since this will not show the effects of domain group policies.
     
  12. NateRD82

    NateRD82 Thread Starter

    Joined:
    Sep 29, 2017
    Messages:
    7
    O good to know then, thank you for taking time out of day and responding!
     
  13. lochlomonder

    lochlomonder

    Joined:
    Jul 24, 2015
    Messages:
    1,595
    You're welcome, and I was glad to help.
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Bitlocker does push
  1. brainwave89
    Replies:
    2
    Views:
    1,004

Short URL to this thread: https://techguy.org/1197168