Our organisation encrypts all drives with Bitlocker managed via McAfee. We want to remove this from some drives and so have created a group within the System Tree, and given it the policy "Turn off (Disable) Bitlocker" policy, and added a test machine to that group.
It has been in there for over 24 hours, I have run Check Policies, Enforce Policies, and several reboots to the device, and all a "Wake Up" from within ePO, but decryption has still not begun on the device. There's no information in Agent Status Monitor to suggest why this would be. I have run manage-bde -status from within cmd and the drive is still showing as fully encrypted.
Can anyone advise as to further troubleshooting steps and what to look out for?
Are there possibly any policy assignment rules that might be overriding the system tree assignment? Select one of those systems and go to actions, directory management, view applied policies and see if it shows the right policy. If not, look at assignment method - rule or system.
Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Thanks for this. It looks like the Policy is showing under Applied Policies, but like you said it seems to be inheriting two other policies related to Management of Native Encryption as well, presumably from further up in the System Tree.
I don't have permissions to deactivate these, but will ask a more senior admin, hopefully this will resolve the issue. Thanks for the suggestion.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.