How to Manage Computer BitLocker Encryption Exemptions
Updated: November 1, 2012
Applies To: Microsoft BitLocker Administration and Monitoring 1.0
Microsoft BitLocker Administration and Monitoring (MBAM) can be used to exempt certain computers from BitLocker protection. For example, an organization may decide to control BitLocker exemption on a computer-by-computer basis.
To exempt a computer from BitLocker encryption, you must add the computer to a security group in Active Directory Domain Services in order to bypass any computer-based BitLocker protection rules.
|If the computer is already BitLocker-protected, the computer exemption policy has no effect.|
To exempt a computer from BitLocker encryption
Add the computer account that you want to be exempted to a security group in Active Directory Domain Services. This allows you to bypass any computer-based BitLocker protection rules.
Create a Group Policy Object by using the MBAM Group Policy template, then associate the Group Policy Object with the Active Directory group that you created in the previous step. For more information about creating the necessary Group Policy Objects, see Deploying MBAM 1.0 Group Policy Objects.
When an exempted computer starts, the MBAM client checks the Computer Exemption Policy setting and suspends protection based on whether the computer is part of the BitLocker exemption security group.
Other ResourcesAdministering MBAM 1.0 Features
You can learn more about MDOP in the TechNet Library, search for troubleshooting on the TechNet Wiki, or follow us on Facebook or Twitter.