The second option, “Startup Key on USB only”, will build a USB key that must be in the machine for the computer to boot into the operating system. The “TPM only” option is standard BitLocker – users will only be prompted for the password if a BIOS or hardware change is detected, or if the drive is removed from the computer. Some things to pay attention to are the key assignment and whether or not to store the recovery key in AD. You can change these options as your organizational policy dictates. Here is what the BitLocker step looks like: It, however, is not as simple as just adding the step. ![]() ![]() ![]() SCCM comes with the ability to use BitLocker to encrypt during imaging. ![]() Part of this effort is to encrypt computers, especially laptops that leave the building. With the continued onslaught of news about companies being hacked, security is at an all-time high in terms of importance.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |