but from what I hear, the problem some have with that (apart from the obvious practical issues, like potentially needing physical access, etc.) is that if people are using BitLocker encryption, they need a recovery key, which makes things a bit more complex. And in some cases, apparently the admins can't access the recovery keys because they carefully stored them on a server that's now also inaccessible because of this problem. Whoops.