Reference Guide
Security Management Server v10.2.7 AdminHelp
147
Encrypt Fixed Drives Do Not Manage
Do Not Manage
Turn On Encryption
Turn Off Encryption
This policy does not encrypt the
system drive. To also encrypt the
system drive, make sure that
Encrypt System Drive Only is also
Turn On Encryption.
Do Not Manage ignores Fixed
Drives. Turn On Encryption allows
BitLocker to encrypt Fixed Drives.
Turn Off Encryption causes
Manager to decrypt any BitLocker
encrypted fixed drives.
Encrypt Removable Drives Do Not Manage
Do Not Manage
Turn On Encryption
Turn Off Encryption
Do Not Manage ignores
Removable Drives. Turn On
Encryption allows BitLocker to
encrypt Removable Drives. Turn
Off Encryption causes Manager to
decrypt any BitLocker encrypted
removable drives.
Require Additional Authentication
at System Startup
Not Selected
Selected
Not Selected
This policy allows for the
configuration of BitLocker to
require additional authentication
each time the computer starts up
[with or without a Trusted
Platform module (TPM)].
More...
This policy is the parent policy to:
Allow BitLocker Encryption
Without a Compatible TPM
Configure TPM Startup
Configure TPM Startup PIN
Configure TPM Startup Key
Configure TPM Startup Key and
PIN
Allow BitLocker Encryption
Without a Compatible TPM
Selected
Selected
Not Selected
Selected allows a computer
without a compatible TPM to use
BitLocker encryption. In t
his mode,
a USB drive is required for startup.
When the key is inserted, access to
the drive is authenticated and the
drive is accessible. If the USB key is
lost or unavailable, the computer
will require BitLocker recovery for
access.
To use this policy, Require
Additional Authentication at
System Startup must be set to
Selected.