Information Technology Reference
In-Depth Information
TABLE 2-4 Operating system drive BitLocker policies
Setting
Default State
Allows Network Unlock at startup
Not configured
Allows Secure Boot for integrity validation
Not configured
Requires additional authentication at startup
Not configured
Requires additional authentication at startup (Windows Server 2008 and
Windows Vista)
Not configured
Disallows standard users from changing the PIN or password
Not configured
Enables use of BitLocker authentication requiring preboot keyboard
input on slates
Not configured
Allows enhanced PINs for startup
Not configured
Configures minimum PIN length for startup
Not configured
Configures use of hardware-based encryption for operating system
drives
Not configured
Enforces drive encryption type on operating system drives
Not configured
Configures use of passwords for operating system drives
Not configured
Chooses how BitLocker-protected operating system drives can be
recovered
Not configured
Configures TPM platform validation profile for BIOS-based firmware
configurations
Not configured
Configures TPM platform validation profile (Windows Vista, Windows
Server 2008, Windows 7, Windows Server 2008 R2)
Not configured
Configures TPM platform validation profile for native UEFI firmware
configurations
Not configured
Resets platform validation data after BitLocker recovery
Not configured
Uses enhanced Boot Configuration Data (BCD) validation profile
Not configured
The settings for removable data drives are shown in Table 2-5.
 
Search WWH ::




Custom Search