Windows 7 Thread: BitLocker on laptops (in Technical)
  1. #16
    gshaw
    Well the first few have to go out by Friday so I'll revisit the thread in a few months and report back how long they last

    Some interesting info comparing the pros and cons of EFS vs BitLocker here...

    Prevent data theft with Windows Vista's Encrypted File System (EFS) and BitLocker | TechRepublic

    That 1.5GB partition is only the little 100MB hidden one in 7 so not too worried about that

  2. #17


    Quote Originally Posted by teejay View Post
    They'll all be broken in a few weeks from having the usb encryption key rammed in the wrong way round anyway
    along with the network and HDMI sockets

    As a minor point, you do know BitLocker isn't in Pro, it's only Enterprise and Ultimate

  3. #18
    Killer_Bot
    Quote Originally Posted by teejay View Post
    They'll all be broken in a few weeks from having the usb encryption key rammed in the wrong way round anyway
    Not if they used these;

    Double USB concept ends your fear of USB plug rejection -- Engadget

    (Pretending they were actually a product right now and not a concept!)


  4. #19
    gshaw
    Quote Originally Posted by sted View Post
    along with the network and HDMI sockets

    As a minor point, you do know BitLocker isn't in Pro, it's only Enterprise and Ultimate
    Yup no issue here, Enterprise CALs rule all

  5. #20


    Quote Originally Posted by gshaw View Post
    Yup no issue here, Enterprise CALs rule all
    Lucky you, all my Win7 is Pro OEM

  6. #21
    gshaw
    Indeed, very glad we have Campus license here

    Would be ideal to use BitLocker To Go to secure any transfers but our desktops are all XP so might still be an issue there, won't be for much longer though as I'm planning to move them to 7 in the next year or so. In the meantime a couple of encrypted USB sticks from Integral or suchlike will probably suffice to ease my paranoia along with this GPO...

    http://blogs.catapultsystems.com/IT/...e-devices.aspx
    Last edited by gshaw; 7th February 2011 at 05:00 PM.

  7. #22


    Quote Originally Posted by gshaw View Post
    Isn't that 100MB partition hidden anyway?
    It is hidden, but it also contains boot files for WinRE too...

    The 100 MB system partition is used primarily as BitLocker partition for BitLocker encryption. Additionally, it also holds the Windows Recovery Environment (WinRE) and boot files with boot manager for booting up the computer for troubleshooting when there is no Windows 7 installation DVD disc on hand. (Source)
    By the way, if you turn on BitLocker before joining a computer to your domain, you may want to read the following article to ensure the recovery keys get stored in AD...

    http://blogs.technet.com/b/askcore/a...windows-7.aspx

  8. #23
    gshaw
    Thanks for the link, another one saved to the Bookmark list!

    I'm in two minds about whether to join these machines to the domain as they'll never be connected to it. I guess for the first time sync of policies e.g. BitLocker and maybe USB device restriction it could be handy but apart from that I'm not sure if there's any benefit?

  9. #24

    I've recently enabled BitLocker on some of our staff laptops. I thought this could only be enabled on machines that have TPM? I attempted enabling it on non-TPM laptops, and didn't get anywhere with it.

    What I found during going through the BitLocker setup wizard is that it creates the necessary partitioning and information required. We're not currently implementing storing the recovery information in AD, so I simply stored the recovery key to a file on a protected network share.

    I'd be interested to know if you get anywhere enabling without the need for TPM

    We have added ours to the domain so they do get a policy. It was necessary for us to allow control over turning proxy settings on/off (the default for our workstations is that settings are locked) and adding a logon information box after the ctrl + alt + del screen to inform them of how to logon locally.
    Last edited by DannyG555; 10th February 2011 at 11:15 AM.

  10. #25

    teejay
    Quote Originally Posted by DannyG555 View Post
    I've recently enabled BitLocker on some of our staff laptops. I thought this could only be enabled on machines that have TPM? I attempted enabling it on non-TPM laptops, and didn't get anywhere with it.

    What I found during going through the BitLocker setup wizard is that it creates the necessary partitioning and information required. We're not currently implementing storing the recovery information in AD, so I simply stored the recovery key to a file on a protected network share.

    I'd be interested to know if you get anywhere enabling without the need for TPM
    You can disable the requirement for TPM through group policy.

  11. #26
    Killer_Bot
    Quote Originally Posted by DannyG555 View Post
    I've recently enabled BitLocker on some of our staff laptops. I thought this could only be enabled on machines that have TPM? I attempted enabling it on non-TPM laptops, and didn't get anywhere with it.

    What I found during going through the BitLocker setup wizard is that it creates the necessary partitioning and information required. We're not currently implementing storing the recovery information in AD, so I simply stored the recovery key to a file on a protected network share.

    I'd be interested to know if you get anywhere enabling without the need for TPM
    You need to deploy a GPO and set the option to enable without TPM on the particular machine/s. You have to use a new method though which requires that a USB Key be inserted at startup and if that key is lost then you need to have it backed up else the entire drive is unusable.
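
Added example, not part of the original posts: a PowerShell audit of the two settings discussed in this thread, the group policy that allows BitLocker without a TPM and the backup of recovery information to AD. It assumes an elevated prompt on the Windows 7 laptop, English-language `manage-bde` output, and the Windows 7 policy value names under `HKLM\SOFTWARE\Policies\Microsoft\FVE`.

```powershell
# Added example (not from the thread). Run elevated on the laptop being checked.
# Assumes Windows 7 policy value names and English manage-bde output.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$drive  = $env:SystemDrive

function Get-FvePolicy([string]$Name) {
    # Returns $null when no GPO has written the value.
    $p = Get-ItemProperty -Path $fveKey -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name } else { $null }
}

# "Require additional authentication at startup" with "Allow BitLocker without
# a compatible TPM" ticked sets both of these values to 1.
$advStartup   = (Get-FvePolicy 'UseAdvancedStartup') -eq 1
$noTpmAllowed = $advStartup -and ((Get-FvePolicy 'EnableBDEWithNoTPM') -eq 1)
$adBackup     = (Get-FvePolicy 'OSActiveDirectoryBackup') -eq 1
$adRequired   = (Get-FvePolicy 'OSRequireActiveDirectoryBackup') -eq 1

# List the key protectors on the OS volume and classify them by their heading.
$protectors  = (& manage-bde.exe -protectors -get $drive 2>&1 | Out-String)
$hasTpm      = $protectors -match '(?m)^\s*TPM'
$hasUsbKey   = $protectors -match '(?m)^\s*External Key:'
$hasRecovery = $protectors -match '(?m)^\s*Numerical Password:'

New-Object PSObject -Property @{
    Drive               = $drive
    NoTpmStartupAllowed = $noTpmAllowed
    AdBackupEnabled     = $adBackup
    AdBackupRequired    = $adRequired
    TpmProtector        = $hasTpm
    UsbStartupKey       = $hasUsbKey
    RecoveryPassword    = $hasRecovery
} | Format-List

# A USB startup key with no other protector is the "lose the key, lose the drive" case.
if ($hasUsbKey -and -not $hasTpm -and -not $hasRecovery) {
    Write-Warning ("Only a USB startup key protects $drive. Add a recovery password with: " +
                   "manage-bde -protectors -add $drive -RecoveryPassword")
}
# A recovery password that exists only on paper or a share is not escrowed in AD.
if ($hasRecovery -and -not $adBackup) {
    Write-Warning ("Policy does not back up recovery information to AD. For a volume " +
                   "encrypted before the policy applied, use: " +
                   "manage-bde -protectors -adbackup $drive -id <protector ID>")
}
```

The `<protector ID>` placeholder is the `ID: {...}` value printed under "Numerical Password" by `manage-bde -protectors -get`.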

  12. #27

    Thanks guys. I think having to use a USB key to get their laptop booted is going to cause more issues for us than it's worth! Had a teacher the other day that didn't know what a USB key was lol. I didn't think it was possible not to, but there you go.

  13. #28
    TheScarfedOne
    You might want to go and take a look on my blog. I've just finished a three poster on how we deploy Windows 7 with BitLocker on all our staff laptops. Works a dream. We use SCCM to manage the process - but in case you don't have it (and you should get it by the way!!), you can do all the same stuff with MDT as well. I will be posting an app up too shortly for changing PIN codes, which needs you to be an Admin user normally.
