I have used Bitlocker and it seems to work fine, but isn't as convenient to centrally manage, but, hey, it is free. The recovery components (tokens) are managed through AD while Symantec uses the Universal Server, which is Linux based and pretty easy to configure/maintain. We tinkered with Bitlocker, but decided that SDE was easier to manage, better supported and has a long history of usage in the field.
As to your earlier question, I have never attempted encryption of a drive while in automation. Maybe someone else can chime in if they have done that.