PENDING Bitlocker Decryption Policy on Client Still Asking to Encrypt

Led Zappa

Member
9
0
1
I have a system that had the policy to encrypt and enforce. I needed to remove it as it was going to be used as test machine remotely and couldn't enter pin if I had to reboot. I removed those policies and applied the Decrypt and Enforce Decryption policies. The decrypt policies applied correctly and it successfully decrypted the drive, but now the enforce encryption pop-up keeps appearing asking to create a pin and you can't postpone or get rid of the pop-up. The policies show on the client correctly with Enforce Decryption as compliant and Disable Encryption as non compliant.

I've used these decrypt policies before, but always to decrypt and re-apply the encrypt policies, usually to fix a problem like the drive being encrypted with 128 when shipped and I forget to turn off Bitlocker before applying the SCCM bitlocker policies, So it's never been tested long term like this machine.