Well, let me assure you, the BitLocker code underwent serious scrutiny
before we released it. Also, to allay another worry your organization might
have, there are no back doors, period:
http://blogs.technet.com/steriley/ar...ocker-too.aspx
Do your users run as local admin? If not, then as I wrote before, they can't
enable BitLocker anyway, so no worries.
--
Steve Riley
steve.riley@xxxxxx
http://blogs.technet.com/steriley http://www.protectyourwindowsnetwork.com
"Whitefearn" <Whitefearn@xxxxxx> wrote in message
news:CC05D417-A2B5-4979-8FA9-F7B90745DF93@xxxxxx
Quote:
> Most of it's internal politics.
>
> We are in the Medical Industry (HIPPA is a huge concern) and chose
> Safeboot
> as our encryption solution last year. So there is a "we already spent the
> time and money to do this...." mentality.
>
> Also, there are folks who think because it is Microsoft, there will be
> security holes in it. Couple that with it being the "first model year" of
> the
> product they don't feel we should jump on that bandwagon untill it is
> proven.
>
> "Steve Riley [MSFT]" wrote:
> Quote:
>> Whitefearn--
>>
>> No, there is no specific GPO for preventing the use of BitLocker.
>>
>> If user's aren't running as local administrators, then they can't enable
>> BitLocker anyway, so there's one way to prevent it. A more complicated
>> way
>> would be to configure the group policy that requires backing up keys to
>> Active Directory but then don't do AD setup required for this -- thus
>> guaranteeing BitLocker installation failure.
>>
>> I am curious, though -- why do you not want to take advantage of one of
>> the
>> most important features available for protecting mobile data on laptops?
>>
>> --
>> Steve Riley
>> steve.riley@xxxxxx
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com
>>
>>
>> "Richard G. Harper" <rgharper@xxxxxx> wrote in message
>> news:EB3EEFBC-DD12-4E9E-9F87-D2F833AACEC5@xxxxxx Quote:
>> > I didn't have time to read all the documents I found, but in general if
>> > you can configure it via Active Directory, that includes the ability to
>> > disable it.
>> >
>> > --
>> > Richard G. Harper [MVP Shell/User] rgharper@xxxxxx
>> > * NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
>> > * PLEASE post all messages and replies in the newsgroups
>> > * The Website - http://rgharper.mvps.org/
>> > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
>> >
>> >
>> > "Whitefearn" <Whitefearn@xxxxxx> wrote in message
>> > news:9B952496-60AC-41DF-B755-D362C1EBDC1E@xxxxxx
>> >>I have seen quite a few posts regarging configuring it, but not
>> >>disabling
>> >>it
>> >> completely, so i was hoping someone might have a few ideas of pieces
>> >> of
>> >> it
>> >> that i could block or disable that would make the process difficult to
>> >> implement.
>> >>
>> >> Thanks
>> >>
>> >> "Richard G. Harper" wrote:
>> >>
>> >>> Search Microsoft's TechNet and MSDN resources for Active Directory
>> >>> and
>> >>> BitLocker - there are many documents available on this subject
>> >>> including
>> >>> a
>> >>> guide to configuring BitLocker through Active Directory.
>> >>>
>> >>> --
>> >>> Richard G. Harper [MVP Shell/User] rgharper@xxxxxx
>> >>> * NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
>> >>> * PLEASE post all messages and replies in the newsgroups
>> >>> * The Website - http://rgharper.mvps.org/
>> >>> * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
>> >>>
>> >>>
>> >>> "Whitefearn" <Whitefearn@xxxxxx> wrote in message
>> >>> news:887FDF34-97F1-4BED-BFF2-2F8EC82B982A@xxxxxx
>> >>> > We do not want to use bit locker in our company, and don't want the
>> >>> > rogue
>> >>> > person to setup bitlocker and us not be able to recover data for
>> >>> > them.
>> >>> >
>> >>> > Is there a way to completly disable the bitlocker options though a
>> >>> > GPO?
>> >>> >
>> >>> > Thank you
>> >>>
>> > >>