Digital Cameras - Showstopper for BitLocker ToGo?
We are in the process of migrating from WinXP to Win7 and in that migration we want to turn on BitLocker and enforce BitLocker ToGo on all USB devices. But how do we manage digital cameras and their memory cards? Is there any way (GPO or some other centrally managed way) to exclude BitLocker ToGo on specific PNP-IDs? (Or mobile phones, media players and other devices that show up as a "normal" USB drive.)
September 29th, 2010 11:36pm

Hi, Thanks for posting in Microsoft TechNet forums. To turn on BitLocker Drive Encryption on a fixed or removable data drive: Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption. BitLocker Group Policy settings are located in the Local Group Policy Editor or the Group Policy Management Console in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. You can expand the "Removable data drives" folder and enable "Control use of BitLocker on removable drives". Best Regards, Magon Liu. TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
October 1st, 2010 5:59am

Thanks for the reply... Maybe I was unclear but the question was not about how to turn ON BitLocker. The question is about how to turn OFF BitLocker on specific devices (For instance Digital Cameras).
October 1st, 2010 7:19am

Hi, Thank you for correcting me. If I did not misunderstand again, the answer is quite simple. To turn off BitLocker Drive Encryption: Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption. Find the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker. A message is displayed, informing you that the drive will be decrypted and that decryption may take some time. Click Decrypt the drive to continue and turn off BitLocker on the drive. By completing this procedure, you have decrypted the drive and removed BitLocker protection. For more information, refer to http://technet.microsoft.com/en-us/library/ee424315(WS.10).aspx. Please feel free to correct me if any questions. Regards,
October 4th, 2010 2:14am

That's one way... but that requires that we reverse our (what we hope to be) baseline policy stating that BitLocker ToGo is enforced on all removable drives. I was hoping for a way that we could centrally manage "non-BitLocker" devices.
October 4th, 2010 2:20am

Hi, Based on my knowledge, it seems not possible to achieve currently. I am sorry to say that. Regards,
October 6th, 2010 2:31am

This is perhaps just an impractical idea, I don't have any Bitlocker management knowledge, but would removable MTP USB devices be treated the same as mass-storage USB devices by Bitlocker? Some brands of consumer digital cameras (e.g. Nikon) allow a choice between connecting with an MTP or mass-storage USB device protocol, and generic (as well as specific types of) MTP USB devices are well supported in W7. It would then be your task to break the news to your users that only MTP USB removable devices are supported... but since some of those devices do allow storage of arbitrary types of data, I guess that only diminishes, not removes, the security hole you want to plug. You'd think that just as W7 has group policy settings allowing limited users to install certain classes of device installers, while preventing all other installations, they'd have thought of the analogous case of Bitlocker-to-Go policies for not enforcing mandatory encryption for certain classes of removable storage devices. OS: Windows 7 Professional 32bit Hardware: Notebook w/ Intel Core 2 Duo T9400, 4GB memory (2.46 usable)
October 6th, 2010 2:45pm

Hi, Thank you for your reply. We are striving to capture any and all product issues and product feedback so as to ensure that we are continuously developing Microsoft products to meet our customers' needs. Since Windows 7 is still a new product, I believe it will become better and better based on our users' feedback. This is exactly why feedback such as yours is always valued. Best Regards, Magon Liu
October 10th, 2010 11:20pm

Hopefully you are still listening to this thread, as I would also like to encourage Microsoft to find a solution for this. We are in the same situation and would like the ability to exclude certain devices from the bitlocker-to-go policy. For example, iPods and other MP3 devices that just about everyone has these days no longer work if bitlocker-to-go is enforced.
October 26th, 2010 3:47pm

This topic is archived. No further replies will be accepted.
