Q. How can I stop local administrators from turning off BitLocker?
John Savill
October 2, 2010
1 Min Read
A. For the purposes of my answer, you can replace BitLocker with pretty much anything you can set with Group Policy (or any other setting). If you make users local administrators, they're effectively gods of their boxes. It's pretty much impossible to stop them from doing anything. Yes, you can hide Control Panel applets, but users can just try another method, such as PowerShell in BitLocker's case.
If you don't trust users not to cause self harm, they shouldn't be local administrators—it's really that simple. Trying to stop local admins from doing something is ultimately futile if they're determined enough.
About the Author
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
You May Also Like