Re: BitLocker

["Grilli, Brian Robert" <brg3 () PSU EDU>]

When I did support/systems administration I rolled out bitlocker on faculty/staff machines I managed. We did the 
TPM+PIN, allowing users to request their own PIN when we rolled it out. Overall there were no major concerns to note, 
and deployment via GP and management via AD was pretty straight forward.  Users occasionally forgot their PIN, but no 
more than they forgot their password. Recovery keys can be stored in AD which is nice.

Only issue we ever ran into was in regard to encrypting some Dell systems that were configured to use Legacy boot mode 
(our imaging solution at the time used Legacy) Select systems would not encrypt with bitlocker using this boot mode. 
Switching to UEFI solved that problem.
________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of St-Jean, Daniel 
<Daniel_St-Jean () BANFFCENTRE CA>
Sent: Friday, June 28, 2019 5:01:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] BitLocker

I was wondering if your institution is using BitLocker?

How was your rollout process? And how is the general operations of BitLocker going?
Are you using TPM? (+ PIN)? (or did you consider using +PIN and didn’t implement in the end? Why?)
Do user lose their PIN all the time?
Is the PIN useless because users put their laptop into sleep mode?

We are also looking for Best Practices. Is there a “best practice”? Or it really depends on our risk appetite?

Thank you in advance,
[cid:image001.png@01D52DC1.1DD47AA0]

Daniel St-Jean
Senior Systems Analyst

Banff Centre for Arts and Creativity
107 Tunnel Mountain Drive
Box 1020, Banff, Alberta
Canada T1L 1H5
Tel: 403.762.6263

banffcentre.ca<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.banffcentre.ca%2F&data=02%7C01%7Cbrg3%40psu.edu%7C7f7ecc98d3944ce93fee08d6fc0bd76f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636973525131379655&sdata=yBb2DkBRcglHyOAojRiJsugw7meAG%2FUcsPpNc9k7VkM%3D&reserved=0>
Facebook<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FBanffCentre&data=02%7C01%7Cbrg3%40psu.edu%7C7f7ecc98d3944ce93fee08d6fc0bd76f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636973525131379655&sdata=0284I2js9oAUDRMP2vTyD6qdbQf9dmkVaHwqv7gapfM%3D&reserved=0>
 | 
Twitter<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FBanffCentre&data=02%7C01%7Cbrg3%40psu.edu%7C7f7ecc98d3944ce93fee08d6fc0bd76f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636973525131389648&sdata=3d9dYVjo%2FX6JI7khLo4BALuA%2BF4Jq2htG6zozrzX%2FDE%3D&reserved=0>
 | 
Instagram<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.instagram.com%2Fbanffcentre%2F&data=02%7C01%7Cbrg3%40psu.edu%7C7f7ecc98d3944ce93fee08d6fc0bd76f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636973525131389648&sdata=lxX9d5QqKPf93u9fbXOwJLh%2FKf2h4M4UBaQsumpCy5Y%3D&reserved=0>
 | 
LinkedIn<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fschool%2Fbanff-centre%2F&data=02%7C01%7Cbrg3%40psu.edu%7C7f7ecc98d3944ce93fee08d6fc0bd76f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636973525131399643&sdata=Y5hBqdJpZa17wPSjLe8EwhRO7qX0mhxGqLln6ng8q8I%3D&reserved=0>

Banff Centre for Arts and Creativity is located on the lands of Treaty 7 territory. We acknowledge the past, present, 
and future generations of Stoney Nakoda, Blackfoot, and Tsuut’ina Nations who help us steward this land, as well as 
honour and celebrate this place.

This message has been sent by an employee of Banff Centre. If you have received this communication in error or do not 
wish to receive electronic communications from this individual in the future please respond by simply typing 
‘unsubscribe’ in the subject line and returning to the sender. Subsequently you will not be contacted without reason.