The MBAM setup puts down a group policy template on your MBAM server which allows you to configure the settings for your environment. So let's go through some of the more important settings to get you started with a base MBAM setup.

First an overview of the different types of setup you can have. You can use a 128-bit encryption algorithm or a 256-bit algorithm. You can store your recovery keys in your Active Directory or save them onto a share or removable media etc. You can configure the use of a password, so when a user tries to start up a machine they are first prompted for their TPM PIN. Or if that doesn't jive with you, you can set it up so there's no PIN but it will still use the TPM chip for authentication. BitLocker will store the recovery key on a chip in your computer called the TPM chip. The key will live there, and any time the machine boots up it will look at the TPM chip to ensure the recovery key is there.

Why would you only use the TPM? Maybe you have maintenance tasks that require your desktop team to reboot machines and not get locked out by not having the correct PIN.

Surely it's less secure that way? It's not quite as secure in terms of being in the office. If a user in the office wanted to, they could start up the machine and log in without issue. However, if your fear is somebody stealing data and bringing it outside the office, it is safe, as with decent security an outsider should not be able to log in to get to the data. If they try to take the drive out and use it as a slave to get the info out, they will not be allowed by BitLocker because the TPM will not be found. If the person tries to boot Windows and overwrite the drive again they will not be allowed.
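
To check which of the setups described above a machine actually ended up with, the following added example (not from the original post or from MBAM) classifies volumes as TPM only or TPM + PIN and reports the encryption method. It relies on the property names of `Get-BitLockerVolume` output; the function name `Get-BitLockerPosture` and the sample volumes are constructed for illustration.

```powershell
# Added example: classify BitLocker volumes by startup mode.
# Accepts objects shaped like Get-BitLockerVolume output:
#   MountPoint, EncryptionMethod, KeyProtector[].KeyProtectorType
function Get-BitLockerPosture {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Convert protector types to strings so real enum values and
        # the constructed sample data are handled the same way.
        $types = @($Volume.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { [string]$_.KeyProtectorType })

        $mode = if ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
            'TPM + PIN (user is prompted at startup)'
        } elseif ($types -contains 'Tpm') {
            'TPM only (boots without a prompt)'
        } elseif ($types.Count -eq 0) {
            'No key protectors'
        } else {
            'Other protector set'
        }

        [pscustomobject]@{
            MountPoint          = $Volume.MountPoint
            EncryptionMethod    = [string]$Volume.EncryptionMethod
            StartupMode         = $mode
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

# Constructed sample input (hypothetical volumes, not real output).
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; EncryptionMethod = 'XtsAes256'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; EncryptionMethod = 'Aes128'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' }) }
)
$sample | Get-BitLockerPosture | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
#   Get-BitLockerVolume | Get-BitLockerPosture
```

A volume reported as TPM only with no recovery password is the case to look at first, since it boots unattended and has no recovery protector on the volume.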