You have no excuse if you don’t encrypt corporate hard drives. Note that I didn’t say laptop hard drives, and that wasn’t a mistake either.
The cost of having two different setups (encrypted laptops and unencrypted desktops) to support plus the risk of having a desktop stolen, which is lower than a laptop but exists, typically make it simpler and better to just encrypt every end user computer.
There are many great solutions that can be integrated or not to existing platforms such as Active Directory, and many provide a good end user experience.
The performance hit is very minimal, centralized management is available, as well as recovery options and features to push the key temporarily to do patch management.
What’s your excuse, next company that will experience a leak due to a stolen computer?