I have a dream scenario but I am not sure how feasible it is. I would like to have our domain setup so that thumb drives will only be usable if they are encrypted with BitLocker. I want our users to have to come to the IT dept and have their thumb drives encrypted before they can just plug them in. This way we won't get hit with fines should one go missing, and we can keep an audit of who has thumb drives in our enterprise. I don't see a GPO that directly accomplishes this, so my thoughts were to do the following: Prevent all users from using thumb drives via GPO. When they check in with us and get the drive encrypted we add them to an excluded security group. My issue is that once someone gets a thumb drive encrypted and they are added to the security group, they can bring in another un-encrypted drive and just not tell us. Anyone have any good ideas?
↧
