This is about BitLocker.
I have a Dell 5420 that I created an image for, and all is working fine after imaging the laptop to Windows 10 Pro.
The only issue I am having is trying to run BitLocker on the drive when the user is logged into the domain-joined machine.
I can run BitLocker with a local admin account, or I know I can run BitLocker if I add the user to the administrators group for the local machine.
I DO NOT want to have to add the user to the local admin group just to get BitLocker to work.
Also, when you turn on BitLocker through Control Panel it will ask you where you want to save the password.
I want it to ask to save it to AD DS; that way it will be saved to their account. So, like I said, if I log in locally to the machine I will be able to run BitLocker.
However, that's not what I want. I am hoping to achieve this without setting up the user as a local administrator and still be able to run BitLocker.
I want to be able to log in as the user on the domain and be able to start up BitLocker. I am not sure why this can't happen.
Is it possible that the server needs to see the machine joined to the domain before it will ask where to save the password? Or should it not matter?
I have tried many things to get this to work and so far anything I have tried just doesn't seem to work.
Things I have tried:
manage-bde -on C: (have to be administrator; was logged in as local user)
Looked in the registry: no changes needed.
In BIOS, moved the boot order to make the hard drive the first boot drive: no changes.
Went into services to turn on BitLocker: no changes.
Before I imaged the laptop I went into BIOS and disabled Secure Boot and TPM. Started up the laptop, went back into BIOS and enabled Secure Boot and TPM. Still no changes.
I am just not sure what else to do from here; I have pretty much run out of options.