Bit Locker Questions

Is anyone using BDE in an enterprise ervironment? I might be wrong but I have noticed some things. 1. I have not found a passsword policy to force the password change every 90 days. 2. If someone steals the laptop and uses a piece of software to crack the local admin password they can see all the contents of the encrypted drive. 3. If the users have admin rights you have to create a policy that will hide the bitlocker icon in the control panel so it can't be disabled you would also have to password protect the bios so tpm could not be turned off or cleared. 4. Can BDE be set to a pre-boot screen? Any advice is appreciated.

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.