+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Windows 7 Thread, Bitlocker Anybody experience of deploying in Technical; hi, I have an existing cohort of ~100 laptops running Windows 7. I have been asked to encrypt the drives. ...
  1. #1
    Rod
    Rod is offline

    Join Date
    Apr 2013
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Bitlocker Anybody experience of deploying

    hi,
    I have an existing cohort of ~100 laptops running Windows 7. I have been asked to encrypt the drives.

    Anybody got experience of deploying Bitlocker or similar.

    P.S. The machines do have TPM.

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,308
    Thank Post
    1,673
    Thanked 2,023 Times in 1,470 Posts
    Blog Entries
    2
    Rep Power
    457
    We didn't do bitlocker here, not because of lack of resources, just that truecrypt was better for us. Bitlocker v trucrypt on the laptops we did, bitlocker took 6-8 hours to do a 1TB HDD, whereas trucrypt was around 4-6 hours. It isn't much of a time difference, but can be the difference in the long run.

    Also trucrypt allows multibooting (such as linux/windows) whereas bitlocker doesn't, so its worth considering also.

  3. #3


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,477
    Thank Post
    246
    Thanked 2,839 Times in 2,096 Posts
    Rep Power
    817
    Quote Originally Posted by nephilim View Post
    bitlocker took 6-8 hours to do a 1TB HDD
    Did you increase the size of your "System Reserved" partition? I've found that makes a huge difference to the encryption times with Bitlocker. Ours is 1.2GB (rather than the default of 100MB-350MB).

  4. Thanks to Arthur from:

    Sam_Brown (14th May 2014)

  5. #4

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    12,308
    Thank Post
    1,673
    Thanked 2,023 Times in 1,470 Posts
    Blog Entries
    2
    Rep Power
    457
    We altered the default from 350MB to 1GB flat.

  6. #5
    markwilfan's Avatar
    Join Date
    Feb 2009
    Posts
    165
    Thank Post
    35
    Thanked 21 Times in 17 Posts
    Rep Power
    15
    Yeh we bitlocker all laptops that have TPM modules. With the bitlocker stuffs in GPO it works a dream for key recovery. We weren't bothered by encryption times as they are done before depliyment

  7. #6

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,341
    Thank Post
    315
    Thanked 365 Times in 266 Posts
    Rep Power
    161
    Quote Originally Posted by nephilim View Post
    We didn't do bitlocker here, not because of lack of resources, just that truecrypt was better for us. Bitlocker v trucrypt on the laptops we did, bitlocker took 6-8 hours to do a 1TB HDD, whereas trucrypt was around 4-6 hours.
    Weird! I've always found BL encryption MUCH faster than TC, and only use the latter when there is no TPM. I did find a post suggesting that it's possible to use BL on W8 without TPM, but have yet to test this theory.

    Anyhow, never deployed BL en masse (only do staff laptops) so my only advice is that you may need to activate TPM in BIOS and to avoid changing partition size/structure after encryption.

  8. #7
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    594
    Thank Post
    100
    Thanked 42 Times in 40 Posts
    Rep Power
    19
    We use SCCM to deploy our images here and just have it encrypting the laptops as an extra step in the task sequence. Recovery keys are stored in AD alongside the computer account automatically and we've had no issues whatsoever.

    If build time is an important factor for you it's worth knowing that you have the option of either encrypting during the OS deployment itself or you can allow it to encrypt in the background after it's built. If you decide to allow it to encrypt in the background once it's built then you can easily knock ~4-6 hours off your build time and the overheads of it encrypting in the background aren't a massive issue as it will tend to only encrypt when the laptop isn't in heavy use.

  9. #8
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    594
    Thank Post
    100
    Thanked 42 Times in 40 Posts
    Rep Power
    19
    Quote Originally Posted by Arthur View Post
    Did you increase the size of your "System Reserved" partition? I've found that makes a huge difference to the encryption times with Bitlocker. Ours is 1.2GB (rather than the default of 100MB-350MB).
    Ahhh didn't know about this. Will give it a go.

  10. #9
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    819
    Thank Post
    84
    Thanked 136 Times in 116 Posts
    Blog Entries
    8
    Rep Power
    32
    How much of a performance hit do you guys see when running Bit Locker? Laptops with mechanical drives are already painfully slow and this worried me implementing this would only exacerbate the problem. Our standard fleet of laptops right now is the Dell Latitude E5400 with 5400 RPM drives that do about 60MB/59MB on sequential read/write.

  11. #10


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,820
    Thank Post
    231
    Thanked 890 Times in 765 Posts
    Rep Power
    302
    Quote Originally Posted by Duke5A View Post
    How much of a performance hit do you guys see when running Bit Locker? Laptops with mechanical drives are already painfully slow and this worried me implementing this would only exacerbate the problem. Our standard fleet of laptops right now is the Dell Latitude E5400 with 5400 RPM drives that do about 60MB/59MB on sequential read/write.
    on my surface pro near 0 and being windows 8.1 you can set it to only encrypt used portions of the drive so it takes much less time to deploy

  12. Thanks to sted from:

    Duke5A (19th May 2014)

  13. #11

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,341
    Thank Post
    315
    Thanked 365 Times in 266 Posts
    Rep Power
    161
    Quote Originally Posted by Duke5A View Post
    How much of a performance hit do you guys see when running Bit Locker? Laptops with mechanical drives are already painfully slow and this worried me implementing this would only exacerbate the problem. Our standard fleet of laptops right now is the Dell Latitude E5400 with 5400 RPM drives that do about 60MB/59MB on sequential read/write.
    Not noticed one (no SSDs), but then I've only tested it on freshly-imaged machines. That said, not had complaints from staff so presumably OK.

  14. Thanks to LeMarchand from:

    Duke5A (19th May 2014)

  15. #12
    TheScarfedOne's Avatar
    Join Date
    Apr 2007
    Location
    Plymouth, Devon
    Posts
    1,163
    Thank Post
    716
    Thanked 172 Times in 156 Posts
    Blog Entries
    78
    Rep Power
    86
    Quote Originally Posted by Sam_Brown View Post
    We use SCCM to deploy our images here and just have it encrypting the laptops as an extra step in the task sequence. Recovery keys are stored in AD alongside the computer account automatically and we've had no issues whatsoever.

    If build time is an important factor for you it's worth knowing that you have the option of either encrypting during the OS deployment itself or you can allow it to encrypt in the background after it's built. If you decide to allow it to encrypt in the background once it's built then you can easily knock ~4-6 hours off your build time and the overheads of it encrypting in the background aren't a massive issue as it will tend to only encrypt when the laptop isn't in heavy use.
    Do exactly the same here...works well - apart from staff who are adament that they are typing the right password and "it locks them out"....

  16. Thanks to TheScarfedOne from:

    Sam_Brown (15th May 2014)

  17. #13
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    594
    Thank Post
    100
    Thanked 42 Times in 40 Posts
    Rep Power
    19
    Quote Originally Posted by TheScarfedOne View Post
    Do exactly the same here...works well - apart from staff who are adament that they are typing the right password and "it locks them out"....
    Funnily enough just had this happen now!

  18. #14

    Join Date
    Jan 2013
    Posts
    84
    Thank Post
    20
    Thanked 11 Times in 11 Posts
    Rep Power
    6
    We also bitlocker before deployment so bitlocker only takes around an hour tops to encrypt. Recovery is easy and it's all easy to manage.

    EDIT: The drives are 350gb SSDs
    Last edited by cooka; 15th May 2014 at 05:30 PM.

  19. #15

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,944
    Thank Post
    3,476
    Thanked 1,092 Times in 1,007 Posts
    Rep Power
    371
    SSD's and software encryption

    http://www.anandtech.com/show/6891/h...h-crucial-m500



    http://www.anandtech.com/show/7572/s...ve-for-840-evo

    Windows 8 or 8.1 should support e drive which takes advantage of the SSD's hardware encryption , only takes seconds or minutes to enable and doesn't have a performance hit , at least not as much as the software encryption does

    Obviously the ssd in question has to support edrive which the M500 does and the 840 evo will after a firmware update as per the links



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Anybody got any experience of AirTight?
    By Eric_Bisto in forum Wireless Networks
    Replies: 2
    Last Post: 28th August 2013, 08:17 AM
  2. Anybody had experience of SpotPal?
    By ghowe79 in forum Wireless Networks
    Replies: 1
    Last Post: 5th March 2011, 05:52 PM
  3. Experience of IDNS.co.uk??
    By alan-d in forum Recommended Suppliers
    Replies: 12
    Last Post: 29th January 2010, 01:20 PM
  4. Experiences of Avast Antivirus
    By eejit in forum Windows
    Replies: 23
    Last Post: 11th December 2008, 01:13 PM
  5. Any experience of ICM?
    By Benjamin in forum Recommended Suppliers
    Replies: 3
    Last Post: 4th January 2006, 12:17 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •