I have a 2008 functional level domain, and we'd like to enable BitLocker on all Windows laptops, backing up the passwords and recovery info to AD DS and requiring TPM + PIN. It'd be awesome if we could push this out via GPO as well.
I've done limited tests with a few VMs and a couple of physical laptops, with little success. Looking for any advice, tips/tricks, etc.
All laptop OSes are Win7 Enterprise, and all hardware has a supporting TPM on board.