Is my plan for Bitlocker deployment missing anything? The Next CEO of Stack OverflowMoving...
Why is the US ranked as #45 in Press Freedom ratings, despite its extremely permissive free speech laws?
What difference does it make using sed with/without whitespaces?
What CSS properties can the br tag have?
Are the names of these months realistic?
How do I fit a non linear curve?
How to use ReplaceAll on an expression that contains a rule
What does "shotgun unity" refer to here in this sentence?
How to find image of a complex function with given constraints?
What would be the main consequences for a country leaving the WTO?
Spaces in which all closed sets are regular closed
Why do we say 'Un seul M' and not 'Une seule M' even though M is a "consonne"
Lucky Feat: How can "more than one creature spend a luck point to influence the outcome of a roll"?
Getting Stale Gas Out of a Gas Tank w/out Dropping the Tank
From jafe to El-Guest
"Eavesdropping" vs "Listen in on"
My ex-girlfriend uses my Apple ID to login to her iPad, do I have to give her my Apple ID password to reset it?
Small nick on power cord from an electric alarm clock, and copper wiring exposed but intact
Reference request: Grassmannian and Plucker coordinates in type B, C, D
Film where the government was corrupt with aliens, people sent to kill aliens are given rigged visors not showing the right aliens
How to avoid supervisors with prejudiced views?
Is a distribution that is normal, but highly skewed, considered Gaussian?
Reshaping json / reparing json inside shell script (remove trailing comma)
What is the process for cleansing a very negative action
How did Beeri the Hittite come up with naming his daughter Yehudit?
Is my plan for Bitlocker deployment missing anything?
The Next CEO of Stack OverflowMoving BitLocker startup key from flash memory to USB key?Windows Active Directory Bitlocker deploymentHow to enable BitLocker with no prompts to the end userBitLocker - No TPM & No Flash DriveBitLocker Group Policy RequirementsCan I recover a bitlocker encrypted drive offline?Bitlocker on Hyper-V serverBitlocker not auto-unlocking C: drive on server 2008 R2Checking which PCR triggered for BitLocker recoveryCannot save BitLocker keys to ADDS for certain machines
1.) Confirm that TPM is activated in the BIOS of all workstations.
- All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed right? I read that here https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-orga...
2.) Create GPO for Bitlocker settings and apply it to test OU
- I created a GPO that sets the drive encryption method and cipher strength (AES 256-bits) and makes AD store the recovery password as an attribute of the Computer object.
3.) Apply GPO to my test OU made up of three Windows 10 test machines I've set up.
- From my understanding so far, the GPO only contains the settings that should be applied once Bitlocker is enabled right? It doesn't enable Bitlocker encryption itself, so I can push a Powershell script to the three test machines and enable the encryption.
4.) Confirm that Bitlocker has been enabled on the test machines and that the keys are being stored properly in AD
5.) Continue deployment to live workstations in small groups to make it easy to troubleshoot problems.
This is the plan I've drawn up so far. I'm interested to know if I'm overlooking anything major? The goal is to have Bitlocker full drive encryption deployed to our workstations and store the recovery keys in AD. I also intend for this to be as no-touch as possible by using the GPOs and powershell scripts pushed by a remote management agent.
windows active-directory bitlocker
asked 3 mins ago
destinyunbound3destinyunbound3
1
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
1.) Confirm that TPM is activated in the BIOS of all workstations.
- All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed right? I read that here https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-orga...
2.) Create GPO for Bitlocker settings and apply it to test OU
- I created a GPO that sets the drive encryption method and cipher strength (AES 256-bits) and makes AD store the recovery password as an attribute of the Computer object.
3.) Apply GPO to my test OU made up of three Windows 10 test machines I've set up.
- From my understanding so far, the GPO only contains the settings that should be applied once Bitlocker is enabled right? It doesn't enable Bitlocker encryption itself, so I can push a Powershell script to the three test machines and enable the encryption.
4.) Confirm that Bitlocker has been enabled on the test machines and that the keys are being stored properly in AD
5.) Continue deployment to live workstations in small groups to make it easy to troubleshoot problems.
This is the plan I've drawn up so far. I'm interested to know if I'm overlooking anything major? The goal is to have Bitlocker full drive encryption deployed to our workstations and store the recovery keys in AD. I also intend for this to be as no-touch as possible by using the GPOs and powershell scripts pushed by a remote management agent.
windows active-directory bitlocker
asked 3 mins ago
destinyunbound3destinyunbound3
1
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
1.) Confirm that TPM is activated in the BIOS of all workstations.
- All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed right? I read that here https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-orga...
2.) Create GPO for Bitlocker settings and apply it to test OU
- I created a GPO that sets the drive encryption method and cipher strength (AES 256-bits) and makes AD store the recovery password as an attribute of the Computer object.
3.) Apply GPO to my test OU made up of three Windows 10 test machines I've set up.
- From my understanding so far, the GPO only contains the settings that should be applied once Bitlocker is enabled right? It doesn't enable Bitlocker encryption itself, so I can push a Powershell script to the three test machines and enable the encryption.
4.) Confirm that Bitlocker has been enabled on the test machines and that the keys are being stored properly in AD
5.) Continue deployment to live workstations in small groups to make it easy to troubleshoot problems.
This is the plan I've drawn up so far. I'm interested to know if I'm overlooking anything major? The goal is to have Bitlocker full drive encryption deployed to our workstations and store the recovery keys in AD. I also intend for this to be as no-touch as possible by using the GPOs and powershell scripts pushed by a remote management agent.
windows active-directory bitlocker
asked 3 mins ago
destinyunbound3destinyunbound3
1
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1.) Confirm that TPM is activated in the BIOS of all workstations.
- All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed right? I read that here https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-orga...
2.) Create GPO for Bitlocker settings and apply it to test OU
- I created a GPO that sets the drive encryption method and cipher strength (AES 256-bits) and makes AD store the recovery password as an attribute of the Computer object.
3.) Apply GPO to my test OU made up of three Windows 10 test machines I've set up.
- From my understanding so far, the GPO only contains the settings that should be applied once Bitlocker is enabled right? It doesn't enable Bitlocker encryption itself, so I can push a Powershell script to the three test machines and enable the encryption.
4.) Confirm that Bitlocker has been enabled on the test machines and that the keys are being stored properly in AD
5.) Continue deployment to live workstations in small groups to make it easy to troubleshoot problems.
This is the plan I've drawn up so far. I'm interested to know if I'm overlooking anything major? The goal is to have Bitlocker full drive encryption deployed to our workstations and store the recovery keys in AD. I also intend for this to be as no-touch as possible by using the GPOs and powershell scripts pushed by a remote management agent.
windows active-directory bitlocker
windows active-directory bitlocker
asked 3 mins ago
destinyunbound3destinyunbound3
1
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 mins ago
destinyunbound3destinyunbound3
1
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 mins ago
destinyunbound3destinyunbound3
1
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 mins ago
destinyunbound3destinyunbound3
1
asked 3 mins ago
destinyunbound3destinyunbound3
1
1
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
0
active
oldest
votes
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
destinyunbound3 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960874%2fis-my-plan-for-bitlocker-deployment-missing-anything%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
destinyunbound3 is a new contributor. Be nice, and check out our Code of Conduct.
destinyunbound3 is a new contributor. Be nice, and check out our Code of Conduct.
destinyunbound3 is a new contributor. Be nice, and check out our Code of Conduct.
destinyunbound3 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960874%2fis-my-plan-for-bitlocker-deployment-missing-anything%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
