Top menu

Domain Group Policies fail to apply on DeviceLock controlled computers

DESCRIPTION

Changes in Administrative Templates on a Domain Group Policy are failing to apply on client machines with DeviceLock installed.

COMMENTS

Such issue may indicate that DeviceLock Service on clients is running with Windows BitLocker To Go integration enabled.

If integration with Windows BitLocker To Go is enabled, the "Deny write access to removable drives not protected by BitLocker" policy setting (located in Computer Configuration\Administrative Templates\WindowsComponents\BitLocker Drive Encryption\Removable Data Drives) is set to DISABLED.

With BitLocker integration enabled DeviceLock Agent keeps this option from any changes on local computer, thus any group policy which has the conflicting value for this option will not be applied on the computer.

RECOMMENDATIONS

Please make sure to explicitly DISABLE "Windows BitLocker To Go" integration under DeviceLock Service Options-> Encryption-> section in the existing DeviceLock group policy, or in DeviceLock Service Settings file if group policies are not used.
"Not Configured" setting in the policy means that DeviceLock Service will use the default value for unconfigured option which is "Enabled" for Integration flag on all supported encryption products.