ejscn
asked on
Bitlocker Deployment Verification
Hello,
My organization is deploying BitLocker to its laptops. We need to make sure that data on the drive is inaccessible without logon credentials. Here is how we're planning on deploying BitLocker:
1. Upgrade machines to Windows 8.1 (we currently are using 7 Pro and don't have the licensing for Windows 10)
2. Enable BitLocker - as part of group policy, we are requiring the recovery information be backed up to AD before BitLocker can encrypt. Further, we are requiring a PIN to be entered upon restart of the computer.
3. Verify the recovery information.
4. Have the user change the PIN when we deploy their laptop to them.
Am I missing anything? I would hate to not be able to recover data off a laptop if something would go wrong.
Thanks!
My organization is deploying BitLocker to its laptops. We need to make sure that data on the drive is inaccessible without logon credentials. Here is how we're planning on deploying BitLocker:
1. Upgrade machines to Windows 8.1 (we currently are using 7 Pro and don't have the licensing for Windows 10)
2. Enable BitLocker - as part of group policy, we are requiring the recovery information be backed up to AD before BitLocker can encrypt. Further, we are requiring a PIN to be entered upon restart of the computer.
3. Verify the recovery information.
4. Have the user change the PIN when we deploy their laptop to them.
Am I missing anything? I would hate to not be able to recover data off a laptop if something would go wrong.
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
hi, you also need to sort out enable TPM. In Bios and take ownership.
ASKER
Mike, could you expand on that a bit or provide a link to a good overview?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.