Hey guys,
We have a variety of Dell machines, some that do include TPM ver 1.2, some that do not include TPM at all.
I'd like to encrypt all of the laptop & workstation machines with BitLocker across the board and store the keys in AD. I have a couple of questions and I'm hoping that you can point me in the right direction.
1) For machines that do not have TPM 1.2 or a compatible version of the TPM chip, does that mean that users will always have to carry a USB drive in order to unlock their computers every time they need to log in?
2) What happens to those machines that were encrypted with BitLocker with the keys saved to a file and not in AD? Do they need to be decrypted and then re-encrypted with AD options?
3) I just built new Win7 images using WDS. We are a fairly small shop, so if I had to manually encrypt every machine, that wouldn't be a big deal. How would you go about encrypting machines, considering that I will be reimaging most of them anyway?
4) Any suggestions on a centralized solution for encrypting tablets (Android and/or Apple) and phones?
Thank you in advance.