+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Windows 7 Thread, Bitlocker Anybody experience of deploying in Technical; hi, I have an existing cohort of ~100 laptops running Windows 7. I have been asked to encrypt the drives. ...
  1. #1
    Rod
    Rod is offline

    Join Date
    Apr 2013
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Bitlocker Anybody experience of deploying

    hi,
    I have an existing cohort of ~100 laptops running Windows 7. I have been asked to encrypt the drives.

    Anybody got experience of deploying Bitlocker or similar.

    P.S. The machines do have TPM.

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,257
    Thank Post
    1,670
    Thanked 2,014 Times in 1,463 Posts
    Blog Entries
    2
    Rep Power
    451
    We didn't do bitlocker here, not because of lack of resources, just that truecrypt was better for us. Bitlocker v trucrypt on the laptops we did, bitlocker took 6-8 hours to do a 1TB HDD, whereas trucrypt was around 4-6 hours. It isn't much of a time difference, but can be the difference in the long run.

    Also trucrypt allows multibooting (such as linux/windows) whereas bitlocker doesn't, so its worth considering also.

  3. #3


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,365
    Thank Post
    241
    Thanked 2,811 Times in 2,075 Posts
    Rep Power
    812
    Quote Originally Posted by nephilim View Post
    bitlocker took 6-8 hours to do a 1TB HDD
    Did you increase the size of your "System Reserved" partition? I've found that makes a huge difference to the encryption times with Bitlocker. Ours is 1.2GB (rather than the default of 100MB-350MB).

  4. Thanks to Arthur from:

    Sam_Brown (14th May 2014)

  5. #4

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,257
    Thank Post
    1,670
    Thanked 2,014 Times in 1,463 Posts
    Blog Entries
    2
    Rep Power
    451
    We altered the default from 350MB to 1GB flat.

  6. #5
    markwilfan's Avatar
    Join Date
    Feb 2009
    Posts
    165
    Thank Post
    35
    Thanked 20 Times in 16 Posts
    Rep Power
    15
    Yeh we bitlocker all laptops that have TPM modules. With the bitlocker stuffs in GPO it works a dream for key recovery. We weren't bothered by encryption times as they are done before depliyment

  7. #6

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,310
    Thank Post
    311
    Thanked 362 Times in 263 Posts
    Rep Power
    161
    Quote Originally Posted by nephilim View Post
    We didn't do bitlocker here, not because of lack of resources, just that truecrypt was better for us. Bitlocker v trucrypt on the laptops we did, bitlocker took 6-8 hours to do a 1TB HDD, whereas trucrypt was around 4-6 hours.
    Weird! I've always found BL encryption MUCH faster than TC, and only use the latter when there is no TPM. I did find a post suggesting that it's possible to use BL on W8 without TPM, but have yet to test this theory.

    Anyhow, never deployed BL en masse (only do staff laptops) so my only advice is that you may need to activate TPM in BIOS and to avoid changing partition size/structure after encryption.

  8. #7
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    590
    Thank Post
    99
    Thanked 42 Times in 40 Posts
    Rep Power
    19
    We use SCCM to deploy our images here and just have it encrypting the laptops as an extra step in the task sequence. Recovery keys are stored in AD alongside the computer account automatically and we've had no issues whatsoever.

    If build time is an important factor for you it's worth knowing that you have the option of either encrypting during the OS deployment itself or you can allow it to encrypt in the background after it's built. If you decide to allow it to encrypt in the background once it's built then you can easily knock ~4-6 hours off your build time and the overheads of it encrypting in the background aren't a massive issue as it will tend to only encrypt when the laptop isn't in heavy use.

  9. #8
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    590
    Thank Post
    99
    Thanked 42 Times in 40 Posts
    Rep Power
    19
    Quote Originally Posted by Arthur View Post
    Did you increase the size of your "System Reserved" partition? I've found that makes a huge difference to the encryption times with Bitlocker. Ours is 1.2GB (rather than the default of 100MB-350MB).
    Ahhh didn't know about this. Will give it a go.

  10. #9
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    818
    Thank Post
    84
    Thanked 136 Times in 116 Posts
    Blog Entries
    8
    Rep Power
    32
    How much of a performance hit do you guys see when running Bit Locker? Laptops with mechanical drives are already painfully slow and this worried me implementing this would only exacerbate the problem. Our standard fleet of laptops right now is the Dell Latitude E5400 with 5400 RPM drives that do about 60MB/59MB on sequential read/write.

  11. #10


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,800
    Thank Post
    231
    Thanked 883 Times in 759 Posts
    Rep Power
    300
    Quote Originally Posted by Duke5A View Post
    How much of a performance hit do you guys see when running Bit Locker? Laptops with mechanical drives are already painfully slow and this worried me implementing this would only exacerbate the problem. Our standard fleet of laptops right now is the Dell Latitude E5400 with 5400 RPM drives that do about 60MB/59MB on sequential read/write.
    on my surface pro near 0 and being windows 8.1 you can set it to only encrypt used portions of the drive so it takes much less time to deploy

  12. Thanks to sted from:

    Duke5A (19th May 2014)

  13. #11

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,310
    Thank Post
    311
    Thanked 362 Times in 263 Posts
    Rep Power
    161
    Quote Originally Posted by Duke5A View Post
    How much of a performance hit do you guys see when running Bit Locker? Laptops with mechanical drives are already painfully slow and this worried me implementing this would only exacerbate the problem. Our standard fleet of laptops right now is the Dell Latitude E5400 with 5400 RPM drives that do about 60MB/59MB on sequential read/write.
    Not noticed one (no SSDs), but then I've only tested it on freshly-imaged machines. That said, not had complaints from staff so presumably OK.

  14. Thanks to LeMarchand from:

    Duke5A (19th May 2014)

  15. #12
    TheScarfedOne's Avatar
    Join Date
    Apr 2007
    Location
    Plymouth, Devon
    Posts
    1,161
    Thank Post
    704
    Thanked 172 Times in 156 Posts
    Blog Entries
    78
    Rep Power
    86
    Quote Originally Posted by Sam_Brown View Post
    We use SCCM to deploy our images here and just have it encrypting the laptops as an extra step in the task sequence. Recovery keys are stored in AD alongside the computer account automatically and we've had no issues whatsoever.

    If build time is an important factor for you it's worth knowing that you have the option of either encrypting during the OS deployment itself or you can allow it to encrypt in the background after it's built. If you decide to allow it to encrypt in the background once it's built then you can easily knock ~4-6 hours off your build time and the overheads of it encrypting in the background aren't a massive issue as it will tend to only encrypt when the laptop isn't in heavy use.
    Do exactly the same here...works well - apart from staff who are adament that they are typing the right password and "it locks them out"....

  16. Thanks to TheScarfedOne from:

    Sam_Brown (15th May 2014)

  17. #13
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    590
    Thank Post
    99
    Thanked 42 Times in 40 Posts
    Rep Power
    19
    Quote Originally Posted by TheScarfedOne View Post
    Do exactly the same here...works well - apart from staff who are adament that they are typing the right password and "it locks them out"....
    Funnily enough just had this happen now!

  18. #14

    Join Date
    Jan 2013
    Posts
    82
    Thank Post
    20
    Thanked 11 Times in 11 Posts
    Rep Power
    6
    We also bitlocker before deployment so bitlocker only takes around an hour tops to encrypt. Recovery is easy and it's all easy to manage.

    EDIT: The drives are 350gb SSDs
    Last edited by cooka; 15th May 2014 at 04:30 PM.

  19. #15

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,896
    Thank Post
    3,419
    Thanked 1,081 Times in 997 Posts
    Rep Power
    369
    SSD's and software encryption

    http://www.anandtech.com/show/6891/h...h-crucial-m500



    http://www.anandtech.com/show/7572/s...ve-for-840-evo

    Windows 8 or 8.1 should support e drive which takes advantage of the SSD's hardware encryption , only takes seconds or minutes to enable and doesn't have a performance hit , at least not as much as the software encryption does

    Obviously the ssd in question has to support edrive which the M500 does and the 840 evo will after a firmware update as per the links

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Anybody got any experience of AirTight?
    By Eric_Bisto in forum Wireless Networks
    Replies: 2
    Last Post: 28th August 2013, 07:17 AM
  2. Anybody had experience of SpotPal?
    By ghowe79 in forum Wireless Networks
    Replies: 1
    Last Post: 5th March 2011, 04:52 PM
  3. Experience of IDNS.co.uk??
    By alan-d in forum Recommended Suppliers
    Replies: 12
    Last Post: 29th January 2010, 12:20 PM
  4. Experiences of Avast Antivirus
    By eejit in forum Windows
    Replies: 23
    Last Post: 11th December 2008, 12:13 PM
  5. Any experience of ICM?
    By Benjamin in forum Recommended Suppliers
    Replies: 3
    Last Post: 3rd January 2006, 11:17 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •