Otdfbt

Can compressed videos be decoded back to their uncompresed original format?

Where would I need my direct neural interface to be implanted?

How obscure is the use of 令 in 令和?

Finitely generated matrix groups whose eigenvalues are all algebraic

Avoiding the "not like other girls" trope?

How do conventional missiles fly?

Why didn't Boeing produce its own regional jet?

Sums of two squares in arithmetic progressions

Is it a bad idea to plug the other end of ESD strap to wall ground?

What is a Samsaran Word™?

Pact of Blade Warlock with Dancing Blade

How seriously should I take size and weight limits of hand luggage?

Forgetting the musical notes while performing in concert

Does the Idaho Potato Commission associate potato skins with healthy eating?

How dangerous is XSS

Obtaining database information and values in extended properties

Implication of namely

How to travel to Japan while expressing milk?

What are the G forces leaving Earth orbit?

Why was the shrink from 8″ made only to 5.25″ and not smaller (4″ or less)

Notepad++ delete until colon for every line with replace all

How can a day be of 24 hours?

Knowledge-based authentication using Domain-driven Design in C#

Why were 5.25" floppy drives cheaper than 8"?

Is my plan for Bitlocker deployment missing anything?

Moving BitLocker startup key from flash memory to USB key?Windows Active Directory Bitlocker deploymentHow to enable BitLocker with no prompts to the end userBitLocker - No TPM & No Flash DriveBitLocker Group Policy RequirementsCan I recover a bitlocker encrypted drive offline?Bitlocker on Hyper-V serverBitlocker not auto-unlocking C: drive on server 2008 R2Checking which PCR triggered for BitLocker recoveryCannot save BitLocker keys to ADDS for certain machines

1

1.) Confirm that TPM is activated in the BIOS of all workstations.

 - All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed right? I read that here https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-orga...  

2.) Create GPO for Bitlocker settings and apply it to test OU

 - I created a GPO that sets the drive encryption method and cipher strength (AES 256-bits) and makes AD store the recovery password as an attribute of the Computer object.

3.) Apply GPO to my test OU made up of three Windows 10 test machines I've set up.

 - From my understanding so far, the GPO only contains the settings that should be applied once Bitlocker is enabled right? It doesn't enable Bitlocker encryption itself, so I can push a Powershell script to the three test machines and enable the encryption.

4.) Confirm that Bitlocker has been enabled on the test machines and that the keys are being stored properly in AD

5.) Continue deployment to live workstations in small groups to make it easy to troubleshoot problems.

This is the plan I've drawn up so far. I'm interested to know if I'm overlooking anything major? The goal is to have Bitlocker full drive encryption deployed to our workstations and store the recovery keys in AD. I also intend for this to be as no-touch as possible by using the GPOs and powershell scripts pushed by a remote management agent.

windows active-directory bitlocker

share|improve this question

asked yesterday

destinyunbound3destinyunbound3

91

New contributor

destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

1

1.) Confirm that TPM is activated in the BIOS of all workstations.

 - All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed right? I read that here https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-orga...  

2.) Create GPO for Bitlocker settings and apply it to test OU

 - I created a GPO that sets the drive encryption method and cipher strength (AES 256-bits) and makes AD store the recovery password as an attribute of the Computer object.

3.) Apply GPO to my test OU made up of three Windows 10 test machines I've set up.

 - From my understanding so far, the GPO only contains the settings that should be applied once Bitlocker is enabled right? It doesn't enable Bitlocker encryption itself, so I can push a Powershell script to the three test machines and enable the encryption.

4.) Confirm that Bitlocker has been enabled on the test machines and that the keys are being stored properly in AD

5.) Continue deployment to live workstations in small groups to make it easy to troubleshoot problems.

This is the plan I've drawn up so far. I'm interested to know if I'm overlooking anything major? The goal is to have Bitlocker full drive encryption deployed to our workstations and store the recovery keys in AD. I also intend for this to be as no-touch as possible by using the GPOs and powershell scripts pushed by a remote management agent.

windows active-directory bitlocker

share|improve this question

asked yesterday

destinyunbound3destinyunbound3

91

New contributor

destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

1.) Confirm that TPM is activated in the BIOS of all workstations.

 - All of these workstations are using Windows 10 Pro, which I believe automatically activates the TPM chip when the OS is installed right? I read that here https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-orga...  

2.) Create GPO for Bitlocker settings and apply it to test OU

 - I created a GPO that sets the drive encryption method and cipher strength (AES 256-bits) and makes AD store the recovery password as an attribute of the Computer object.

3.) Apply GPO to my test OU made up of three Windows 10 test machines I've set up.

 - From my understanding so far, the GPO only contains the settings that should be applied once Bitlocker is enabled right? It doesn't enable Bitlocker encryption itself, so I can push a Powershell script to the three test machines and enable the encryption.

4.) Confirm that Bitlocker has been enabled on the test machines and that the keys are being stored properly in AD

5.) Continue deployment to live workstations in small groups to make it easy to troubleshoot problems.

This is the plan I've drawn up so far. I'm interested to know if I'm overlooking anything major? The goal is to have Bitlocker full drive encryption deployed to our workstations and store the recovery keys in AD. I also intend for this to be as no-touch as possible by using the GPOs and powershell scripts pushed by a remote management agent.

windows active-directory bitlocker

share|improve this question

asked yesterday

destinyunbound3destinyunbound3

91

New contributor

destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked yesterday

destinyunbound3destinyunbound3

91

New contributor

destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked yesterday

destinyunbound3destinyunbound3

91

New contributor

destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked yesterday

destinyunbound3destinyunbound3

91

New contributor

destinyunbound3 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked yesterday

destinyunbound3destinyunbound3

91