<div>
Do you plan to set a PIN? Or without pin?
</div>


Do you plan to set a PIN? Or without pin?

<div>
Expect your machine to run at least 20% slower, especially on a normal HD. Just a tad faster on an SSD.
</div>


Expect your machine to run at least 20% slower, especially on a normal HD. Just a tad faster on an SSD.

<div>
Mcnife, not sure yet. We would have to meet on that. I would think so. We have over 3k machines.
</div>


Mcnife, not sure yet. We would have to meet on that. I would think so. We have over 3k machines.

<div>
I've requested that this question be deleted for the following reason:<br />
<br />
found answer alone
</div>


I've requested that this question be deleted for the following reason:

found answer alone

<div>
sorry I did not find the answer
</div>


<div>
<div class="content wysiwyg-content">
So I dont need MBAM to deploy Bitlocker encryption on desktops, its just used for management. Correct?<br />
<br />
So I have 2008 environment and Win 7 Enterprise machines. I just want to use GPO. I plan to implement by:<br />
<br />
-Turn on TPM using script(Is this necessary)<br />
-Startup Script to initiate initial encryption<br />
-Use GPO policy to store encryption key in AD<br />
<br />
Anything else im missing?<br />
<br />
Im going to have more questions later but I will post as I go along.
</div>
</div>


So I dont need MBAM to deploy Bitlocker encryption on desktops, its just used for management. Correct?

So I have 2008 environment and Win 7 Enterprise machines. I just want to use GPO. I plan to implement by:

-Turn on TPM using script(Is this necessary)
-Startup Script to initiate initial encryption
-Use GPO policy to store encryption key in AD

Anything else im missing?

Im going to have more questions later but I will post as I go along.

Bitlocker question

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.