![]() ![]() I'm going to test this theory right now with some test clients. This key refers to users being able to change their bitlocker Pin code (which we have set in GPO's to enabled)My theory is that this is whats causing clients to go from compliant to not compliant because the value of this key changes throughout the day depending on who comes first, the GPO or the Bitlocker Management Policy. ![]() So I started with the settings under the Operating System Drive tab in SCCM to not configured and I noticed that this specific reg key is set/changed even though this option is not a setting on its self on this tab.įailed to delete registry value SOFTWARE\Policies\Microsoft\FVE\DisallowStandardUserPINReset (0x80070002) Processing BitLocker Management Policy ScopeId_FABA6A4A-E0EF-4328-A05C-B89EDBCAAA1F/ConfigurationPolicy_1b3b24e0-5eaf-45d9-a1e7-036ac2dcf24aįrom this I drew the conclusion that something in the Bitlocker Management settings is changing a value causing the client to become non compliant even though the settings in both SCCM and GPO is exactly the same.Īt this point I decided to just let GPO's determine the bitlocker settings and only use Bitlocker management to set the MBAM Service and nothing else. In the end I've tried different GPO settings, Bitlocker Management settings and the result was always the same until I found this relation in the logging, together with the above error in event viewer this would show up in BitlockerManagementHandler.log I've managed to track this down while looking at the mbam event log which shows:ĭetected OS volume encryption policies conflict.Check BitLocker and MBAM policies related to OS drive protectors. I've not been able to find a solution for this, deleting the configuration profiles does not seem to solve the issue.Ģ) Clients go from compliant to not compliant and back throughout the whole day ![]() I've recently migrated from MBAM to the built in bitlocker management and I've run into a few issues:īitlocker Enterprise Compliance Dashboard dashboard is not updating or only shows a few clients ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |