When a drive is out of compliance with Group Policy settings (for example, if a Group Policy setting was changed after the initial BitLocker deployment in your organization, and then the setting was applied to previously encrypted drives), no change can be made to the BitLocker configuration of that drive except a change that will bring it into compliance. If a computer is not compliant with existing Group Policy settings, BitLocker may not be turned on or modified until the computer is in a compliant state. Most of the BitLocker Group Policy settings are applied when BitLocker is initially turned on for a drive. For details about those settings, see Trusted Platform Module Group Policy settings.īitLocker Group Policy settings can be accessed using the Local Group Policy Editor and the Group Policy Management Console (GPMC) under Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.
A separate set of Group Policy settings supports the use of the Trusted Platform Module (TPM).
