Why we should BitLocker (or any other drive encryption) should be clear. A stolen laptop is only worth as much as the retrievable data on it + the value of the laptop. In large enterprises this could be millions of dollars, but for personal use this could lead to embarrassment or worse.
But enterprises seem to struggle with the implementation of BitLocker, amongst the pain points:
- No auditing – unsure which laptops have it enabled or which ones don’t
- Administrative overhead – administrators must manually enable it
- Scripting – if enabled during deployment scripting is required
- Storage of keys in Active Directory – clear text storage of recovery keys
In order to cope with these and other challenges, Microsoft has released the BitLocker Administration and Monitoring toolkit. For the ones that try to download it on the website, sorry, it is only available in the Microsoft Desktop Optimization Pack which comes with a software assurance agreement with Microsoft.
This post goes into the architecture, what users see of it.. and more in depth knowlegde.. soon, the post with the install instructions!