Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 2616 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adding windows 10 to a current windows 7 environment. 8.00.2.16

Jake Babyak

I currently have Safeguard Management Center 8.00.2.16.  The tech that handles this has left the company and now im stuck dealing with it(im fairly new to this).  We currently have a windows 7 environment(1000+ PCs).  They plan on moving to windows 10.  These will be brand new PCs.  meaning any windows 7 machine that have to replace, it will be replaced with Win10.   These PCs will come from an imaging company.  Currently they take the new PC, load an image on it, inject drivers, join it to domain, install sophos on it. The user will get the PC, we walk them through logging in, it syncs and the policies are downloaded. 

Moving forward with windows 10.  Im guessing the steps should be the same for the imaging company.

My questions is managing them.

Can i manage the bitlocker key from the management center?

Do they all have to be the same key?

Can i lock it down so no one can change the key?

Can i lock it down so no one can remove the encryption?

We are currently pushing out policies per location in active directory. 

Can policies be created just for windows 10 machines if they are in the same OU as windows 7?

Once again, im new to this.

Thank you,

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Jake - All good questions!

     

    1 - Yes. BL can and is managed by the console.

    2 - No, each device has its own key.

    3 - Yes, you can configure the policy to prevent removal and decryption too.

    4 - Yes you can but you'll need to create some independent groups within SSG if you want to have the PC's in the same container but yet have different policies. Policies are applied at a folder/OU level but it is possible to prevent inheritance/override settings.  Management of that will be a bit tricky to be honest and manual too. I'd be tempted to reconfigure your policies so one policy can apply to all. My policy applies to Win7, MacOS AND Win10 and there's no issues.

     

    Hope this helps a little?

Reply
  • 0

    Hi Jake - All good questions!

     

    1 - Yes. BL can and is managed by the console.

    2 - No, each device has its own key.

    3 - Yes, you can configure the policy to prevent removal and decryption too.

    4 - Yes you can but you'll need to create some independent groups within SSG if you want to have the PC's in the same container but yet have different policies. Policies are applied at a folder/OU level but it is possible to prevent inheritance/override settings.  Management of that will be a bit tricky to be honest and manual too. I'd be tempted to reconfigure your policies so one policy can apply to all. My policy applies to Win7, MacOS AND Win10 and there's no issues.

     

    Hope this helps a little?

Children
No Data
Unfiltered HTML