Question : Windows 7 BitLocker with Active Directory

How can I force bitlock on client computers through group policy?

I see I can force BitLock on USB drives and that works fine:  http://windowsitpro.com/article/articleid/103280/q-how-can-i-force-windows-7-clients-to-use-bitlocker-to-go-before-writing-to-usb-devices.html

But would like to know if there is a same feature to force it on Operating System Drive?  

Basically users would be denied access to domain login if they are not encrypted?

Any suggestions?

Thank you

Answer : Windows 7 BitLocker with Active Directory

There are six policies that allow you to control bitlocker drive encryption for operating systems drives. None of these policies allow you to control how bitlocker interacts with the active directory. As you stated in your question the Group Policy can prevent you from writing to a non bitlocker removable or fixed disk. If domain security is a concern look into implamenting Microsoft SCCM 2007.

SCCM will give you many options for controling who can log into the domain.  You can look into NAP (Network Access Protection) and Windows 7 SVN (Security Health Validators) but there's nothing in either of those about bitlocker.

Random Solutions  
 
programming4us programming4us