PENDING Standardize bit-locker encryption method.

[Ketankamble3894]

Hi Experts ,

We are using classic MBAM and we want to move SCCM based BitLocker solution, but before doing that steps we need to standardize the encryption method in all machine to XTS-AES-256-bit.

Currently in our environment machines are having different different encryption method .

Can anyone guide me for the steps for standardizing the encryption method in all machine to XTS-AES-256-bit on all machines ?

Do we need to stop the encryption on all machines and need to change registry to 7 ? But till the time machines gets new policy we are keeping machines decrypted….

 

[Marek Belan]

yes you must decrypt volume and encrypt with new method.
Create TS to decrypt apply GPO and force encyption or cmd its on you.

 

[Ketankamble3894]

Can you please guide me for the steps which I need to do to in task sequence decrypt the machine .. Also In GPO we simply needs to change registry for encryption method right ? or anything else is also required ?

 

[Marek Belan]

Can you please guide me for the steps which I need to do to in task sequence decrypt the machine .. Also In GPO we simply needs to change registry for encryption method right ? or anything else is also required ?

Disable-BitLocker -MountPoint "C:"
wait for decrypt
Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256