Inside company I would manage Bitlocker for Windows 10 Clients using Group Policy.
I have already installed role to manage BitLocker on my domain controller.
After that I create a new Group Policy (You can see it in the picture):
In my case there are in this moment more than 50 laptops inside comany. Before IT Support encripted drive directly from Windows 10 PC and store all recovery keys in a shared folder. I would remove this practice to avoid mistakes.
My goal is:
- automatically encrypt all Operating System Drive (all laptop has got just one partition due to users save all files on File Server)
- see all Bitlocker Recovery Key on Active Directory. Can I see actual recovery of all laptops in Active Directory?
In this moment, any computer profile, is empty about Bitlocker Information:
How can I do it?
What happen if I enable GPO for all computers and all computers in this moment has got BitLocker enabled?