Q&A content from the "Using BitLocker with FDCC and FIPS" webcast from May 27, 2008. The recording of the webcast may be viewed on-demand here.
Question: You may have mentioned this earlier but should FIPS be setup before or after FDCC?
Answer: FIPS should be enabled and applied to the end system before BitLocker Drive Encryption is enabled. If the FIPS compliance setting is enabled after the drive has been encrypted, you must turn off BitLocker (decrypt the drive) and then re-enable BitLocker.
Question: What would be the deployment strategy for telecommuters?
Answer: I recommend reading the Windows BitLocker Design and Deployment guides (http://www.microsoft.com/downloads/details.aspx?familyid=41ba0cf0-57d6-4c38-9743-b7f4ddbe25cd&displaylang=en&tm). Some factors to consider:
· How many systems will need to be activated ( > 15 systems, recommend WMI scripts)
· Are the systems domain attached
· Initializing the TPM chip and enabling BitLocker requires administrative right.
Question: Does bitlocker work on solid state hard drives?
Answer: Yes, as long as the drive is an NTFS formatted and is Vista compatible.
Question: Any references/examples of govt agencies that have tested or used Bitlocker?
Answer: Not at this time, but I will inquire further.