
How to centrally manage Vista's BitLocker encryption? System Center Configuration Manager (SCCM) has the answer

Many people (outside Microsoft) have cited concerns over how to manage Windows Vista's BitLocker encryption feature set for large groups of machines. The native Active Directory functionality works pretty well and covers the automatic publication of the recovery keys so that you can both meet corporate governance requirements (including the Regulation of Investigatory Powers Act (RIPA) in the UK) and provide the means to help users "whose dog has eaten their encryption key" via the help desk.

System Center Configuration Manager (SCCM) enables you to automatically partition the hard disk as required by BitLocker, configure the Trusted Platform Module (TPM) (if present), automatically configure BitLocker to encrypt the hard disk, specify the appropriate authentication mechanism (TPM, PIN, USB device) and publish the keys to Active Directory.

Comments

# re: How to centrally manage Vista's BitLocker encryption? System Center Configuration Manager (SCCM) has the answer

There is no corporate governance requirement to ensure decryption keys are recoverable under RIPA. There was a fuss about this in 2000, under the rubric of "key-escrow by intimidation", and the bill was amended so as not to place corporate officers in any legal jeopardy for failing to ensure keys were recoverable (see http://www.cyber-rights.org/documents/hc-rip.htm).

Of course there are other reasons why assuring key recovery is a good idea, but RIPA compliance is not one of them.

Tuesday, August 21, 2007 7:54 AM by Rufus Spottle

# How can System Center Configuration Manager help with BitLocker? My colleague Steve Lamb sorts out the concepts.

Hi, for those of you wondering a bit about what's new in SCCM, this may be a good one to keep in mind;

Thursday, August 23, 2007 5:02 AM by Swedish IT Pro Evangelists' Blog

# Bitlocker revisited

A while ago I wrote a blog post on BitLocker Drive Encryption and why I thought it wasn’t ready for prime

Tuesday, September 11, 2007 3:05 AM by The things that are better left unspoken