57 votesAustin WongCarter commented
It would also be very nice if you can set the default creation state for new deployments to be "Disabled" of have a different security permission that only allows the create of "Disabled" deployments. This would allow for Change Control and oversight before deployments are enabled.
8 votesAustin WongCarter commented
The problem with that would be if they just restart on their own, rather than letting ConfigMan restart the computer. I see the prompt to reboot, I delay it, but when I leave for the day I reboot the computer and walk out. In this scenario how would ConfigMan know to suspend the BitLocker PIN before the reboot?