1

Asked a similar question previously: Group policy setting to prevent asking user where to store recovery key

I'm trying to enforce the encryption mode to the new XTS-AES so that if the users computer is not running the latest Win 10 (Version 1511) they cannot enable bitlocker.

Right now users get this prompt: enter image description here

I want them to only be able to select the New encryption mode- I don't even want them to see this prompt. And if they aren't running 1511 they will not be allowed to enable bit locker.

I can't find a policy that seems to enforce this. Is there a policy that does this?

Community
  • 1
red888
  • 4,183
  • 18
  • 64
  • 111
  • Make sure you have the [Administrative Templates for Windows 10](https://www.microsoft.com/en-us/download/details.aspx?id=48257&751be11f-ede8-5a0c-058c-2ee190a24fa6=True&e6b34bbe-475b-1abd-2c51-b5034bcdd6d2=True&fa43d42b-25b5-4a42-fe9b-1634f450f5ee=True). As for not running 1511, you should just push that update. – Michael Hampton Jul 25 '16 at 23:14
  • I have the updated admin templates, the issue is I don't see a policy that controls this setting. Even if you have the update you still get this prompt- I don't want the users to even see this prompt. – red888 Jul 26 '16 at 16:00

0 Answers0