To use auto-unlock, also require BitLocker to encrypt the OS drive.įor more information on these and other settings on this page, see Settings reference - Fixed drive. When you enable this policy, either enable auto-unlock or the settings for Fixed data drive password policy.Ĭonfigure auto-unlock for fixed data drive: Allow or require BitLocker to automatically unlock any encrypted data drive. On the Fixed Drive page, specify the following settings:įixed data drive encryption: If you enable this setting, BitLocker requires users to put all fixed data drives under protection. By default, the minimum PIN length is 4.įor more information on these and other settings on this page, see Settings reference - OS drive. The user enters this PIN when the computer boots to unlock the drive. Select protector for operating system drive: Configure it to use a TPM and PIN, or just the TPM.Ĭonfigure minimum PIN length for startup: If you require a PIN, this value is the shortest length the user can specify. When the computer starts, it can use only the TPM for authentication, or it can also require the entry of a personal identification number (PIN). On devices with a compatible TPM, two types of authentication methods can be used at startup to provide added protection for encrypted data. If you disable it, the user can't protect the drive. Operating System Drive Encryption Settings: If you enable this setting, the user has to protect the OS drive, and BitLocker encrypts the drive.On the Operating System Drive page, specify the following settings: Then individually select the encryption method for OS drives, fixed data drives, and removable data drives.įor more information on these and other settings on this page, see Settings reference - Setup. Then select the encryption method.įor Windows 10 or later devices, enable the option for Drive encryption method and cipher strength (Windows 10 or later). If you disable or don't configure these settings, BitLocker uses the default encryption method (AES 128-bit).įor Windows 8.1 devices, enable the option for Drive encryption method and cipher strength. If the drive is already encrypted or is in progress, any change to these policy settings doesn't change the drive encryption on the device. Configuration Manager applies these settings when you enable BitLocker.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |