TPM and PIN Management for BitLocker


Handling the TPM chip and the assigned PIN is one of the greatest challenges of running and managing Microsoft BitLocker. The TPM chip must first be enabled on the client before it can be used with BitLocker. Then everyone who needs to access that client must be apprised of the PIN. This requires a great deal of upfront administrative effort on the part of the IT department before the solution is even rolled out. And there are many other chores that need to be tackled, for example, changing or resetting forgotten PINs and then disseminating this information to all users affected by these actions.

BitTruster supports you with a host of useful features. The TPM chip's status is monitored and the chip can be activated by BitTruster. It keeps all users with a need to know in the know. They will be informed of what actions will be taken next and of the new PIN as soon as the chip is activated. A periodic PIN change can be enforced so PINs are not used for periods longer than deemed advisable.

All this is done by BitTruster without an administrator having to make any changes at the client, and it can be configured fully automatically via the BitTruster Management Console. This reduces the IT helpdesk's workload and therefore the costs of running BitLocker, which are much higher in a non-managed environment.

Overnight Encryption

A drive encryption solution should be rolled out without impeding or stopping the workflow. During initial encryption, no organization can afford to have its systems' performance reduced to the point where it adversely affects the work effort.

With BitTruster's Overnight Encryption® option, computers can be encrypted in the wee hours when few or no users are logged on.

BitTruster tags all unencrypted computers, activates BitLocker and prepares the systems for encryption without users having to be present.

If you wish, the hardware test recommended by Microsoft can be conducted before BitLocker encryption commences.

BitTruster can even use Wake on LAN to start up computers that have been switched off and encrypt these devices as well.

With these capabilities, BitTruster makes it so much easier to plan and execute BitLocker's rollout.

BitLocker Recovery


BitLocker recovery keys are stored centrally and securely by means of BitTruster, so managing BitLocker systems is an exercise in convenience. There is far less administrative effort for users, which boosts your workforce's productivity. And on top of that, client availability is increased with far less risk of a security breach.

Clientless Technology


BitTruster's unique clientless technology allows all computers in a network to be managed without having to install any client components.

You will never have to devote a moment's effort to software distribution, updates, upgrades, patches, hot fixes, or the like on clients. The BitTruster server propagates all the prescribed policies directly to the clients. Only the BitTruster server is updated, and all new features are available immediately, everywhere.

Fully Automated BitLocker Management


BitTruster operates independently and automatically. All specifications are implemented on the clients by means of policies. Manual intervention on the part of an administrator is not required to start encrypting or to reset or change a PIN. The same goes for changing the recovery password, which is also done automatically.

Monitoring Only


Are you already running BitLocker? Would you like to know which clients have yet to be encrypted?

Getting an overview of all your clients - including those that are still unencrypted - couldn't be any easier than with BitTruster's Monitoring Only function. And you don't have to install any plug-ins at your clients.


User Management

You can manage access privileges via the management center from the moment BitTruster is enabled. A single mouse-click is all it takes to view all users who have access to a particular BitLocker computer. You can assign and remove user clients at will.

Theft Management


Use BitTruster to tag all stolen computers with just a few mouse-clicks. You can also disable the recovery function for stolen computers.

BitTruster enables users to report their devices as being lost or stolen. The BitTruster management center will inform the administrator. And if a recovery request comes in, help desk staff can see at a glance that this is a stolen computer. The recovery options for PINs and recovery keys are immediately disabled by this function.


Role-based Access Management

Use this tool to quickly and easily afford your security officers need-to-know access to the BitTruster Management Console based on their job profiles. That's all it takes to control access to sensitive information in your working environment. BitTruster also lets you keep track of who has access to central management capabilities.



Take advantage of a simple and efficient way of monitoring and logging all the activities of your BitTruster administrators to quickly track their actions whenever you wish.

Enhanced BitLocker Policy Management

BitTruster also lets you assign policies to individual computers, for example, to cater specifically to the needs of your organization's VIPs. Portable devices such as laptops are now registered automatically, whereby a distinction is made between these and desktop systems so that they may be assigned policies of their own.

Central: +49 691 753 70870

© 2020 BitTruster

BitTruster GmbH

Breuerwiesenstraße 43, 65929 Frankfurt am Main, Germany