Win7 BitLocker: Replacement for PGP?

N

NotSoSimple

[H]F Junkie
Joined
May 17, 2003
Messages
14,618
We currently use PGP for all laptops and remote users. Costly as it takes a dedicated server as well as roughly $120/License. With BitLocker and Windows 7 (Which we are mirgrating to in January) it seems we can manage it via AD if someone loses their key.

Who is using BitLocker in a business enviro with good results? If I can save us $120/user...That would make me and my boss very happy :D Would it be a comparable replacement to PGP Whole Disk?
 
Just a heads up on this, since no one seems to have any idea :p

Have tested BitLocker for over a week now and so far so good. We are going to start using it in our AD and see how it works. We are hoping it works as advertised, where a recovery key is added to each Computer Object that is encrypted. It *should* also allow us to set a 'master' key which we can unlock the system if need be.

Below are some things I would point out. This is BitLocker, configured AES 256-Bit Encryption, TPM chipset enabled, and start up PIN.

Pros:
Seems more stable on the initial encryption/decryption compared to PGP WDE.
No added cost (In our case $150/User and a couple thousand/year for maintenance fees)
Has a recovery option in case someone forgets there PIN
Lots of options: Encryption type, AD backup, PIN, TPM, etc.
Ability to use USB drive as 'key' to gain access to system

Cons:
Only takes a PIN Code (Numeric)
Recovery key is ~40 characters which are auto generated
If not configuring via GP in AD, you have to edit the local policy. Otherwise it will encrypt and not prompt for any other options.
 
I'm looking at BitLocker for a few clients that have laptops. I'm going to be giving it a shot on my work laptop here this weekend. Going to P2V my corporate XP Pro install and then wipe the drive, install Windows 7 and VMware Workstation and load up my XP Pro VM and make sure everything works, then use BitLocker for whole disk encryption. Currently I'm dual-booting XP and Win7 with PGP and I hate it.
 
You must log in or register to reply here.
Back
Top