Configuring BitLocker policies
Windows Server 2012 R2 has a full set of BitLocker policies. Some policies affect all
BitLocker drives, and there are separate policies for fixed data drives, operating system
drives, and removable data drives. The BitLocker policies are in the
Computer Configuration\Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption
folder. Table 2-2 lists the general BitLocker policies.
TABLE 2-2 General BitLocker policies

| Setting | Default State |
|---|---|
| Stores BitLocker recovery information in AD DS (Windows Server 2008 and Windows Vista) | Not configured |
| Chooses default folder for recovery password | Not configured |
| Chooses how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) | Not configured |
| Chooses drive encryption method and cipher strength | Not configured |
| Chooses drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2) | Not configured |
| Provides unique identifiers for your organization | Not configured |
| Prevents memory overwrite on restart | Not configured |
| Validates smart card certificate usage rule compliance | Not configured |

The settings for fixed data drives are shown in Table 2-3.
TABLE 2-3 Fixed data drive BitLocker policies

| Setting | Default State |
|---|---|
| Configures use of smart cards on fixed data drives | Not configured |
| Denies write access to fixed drives not protected by BitLocker | Not configured |
| Configures use of hardware-based encryption for fixed data drives | Not configured |
| Enforces drive encryption type on fixed data drives | Not configured |
| Allows access to BitLocker-protected fixed data drives from earlier versions of Windows | Not configured |
| Configure use of passwords for fixed data drives | Not configured |
| Choose how BitLocker-protected fixed drives can be recovered | Not configured |

The settings for operating system drives are shown in Table 2-4.
 
 