I haven't been able to find more recent documentation on this particular situation/issue so figured I'd ask directly.
My predecessors encrypted our AD binded lab devices which created major issues with new network user sign ins. After I got these physically locked down, I put the lab computer group into the exceptions of the FV2 policy. However, I realize of course the policy was already previously pushed to the devices and there is no "undo" button. I need to decrypt for all users and if I can avoid reenrolling the device altogether, that would be great. I don't know if fdesetup has the ability to decrypt for all users without a more complex script I'm not sure how to put together (our senior analyst who managed this left before I came on and honestly, looking at some of his work, I'm not sure he knew how do this management himself lol).
I really appreciate any help that can provided for a fresh college graduate who basically had to become the senior analyst within 6 months haha--I can provide more information if needed and I apologize any lacking knowledge.
