Anyway of scripting the truecrypt install and encryption? Thats its downside. Bitlocker is better but not really secure as staff will leave the usb stick in the laptop making it pointless. You really should be using truecrypt even if you have to install it manually The ico can fine if sensative data is lost.
As far as I know there's no way of scripting TrueCrypt; that's why we use this:
Main Page/en - DiskCryptor wiki
I can automate that as part of my staff laptop auto-build process.
how do you automate it ?
It has a command-line version that accepts all necessary parameters. I've posted in detail about the scripting we use here to automate the entire re-imaging process here.
You can defo do bitlocker without TPM or pin with a USB start up.
On windows 7 with just a pin?
AFAIK as long as the device has a TPM module you can do away with the USB. The USB does the same job as the TPM.
in the end I used TrueCrypt and am happy with it, and am using some backup software to backup up to one of our servers when they are on site.
Many Thanks Guys!
Out of interest for the people using TrueCrypt for full disk encryption, how do you manage the passwords for the laptops? Do you just assign a password for each laptop or do you let the staff pick their own? As I believe a standard user can't change the boot up password.
Another Question - ref truecrypt - if the motherboard needs to be replaced etc what steps do you have to take or do to get the drive sync'ed to the replacement motherboard or do you enter in the passwords etc and it just de-crypts or what exactly ?