Reference Guide
Security Management Server v10.2.7 AdminHelp
Stored in AD DS for
Fixed Data Drives
information to be stored in AD DS. The appropriate schema extensions and
access control settings on the domain must be configured before using this
policy.
This policy is used to prevent users from enabling BitLocker unless the
computer is connected to the domain and the backup of the BitLocker
recovery information to AD DS has succeeded.
The Choose How BitLocker-protected Fixed Drives Can be Recovered policy
must be set to Selected to use this policy.

Configure Use of Hardware-Based Encryption for Fixed Data Drives
Default: Selected
Values: Selected, Not Selected
PARENT to the next 4 policies.
Selected enables the configuration of hardware-based encryption on fixed
data drives.

Use Hardware-Based Encryption for Fixed Data Drives
Default: Selected
Values: Selected, Not Selected
Selected enables hardware-based encryption for fixed data drives.
To use this policy, Configure Use of Hardware-Based Encryption for Fixed
Data Drives must be set to Selected.

Use BitLocker Software-Based Encryption on Fixed Data Drives When Hardware Encryption is Not Available
Default: Selected
Values: Selected, Not Selected
Selected enables BitLocker software-based encryption on fixed data drives
if hardware-based encryption is not available.
To use this policy, Configure Use of Hardware-Based Encryption for Fixed
Data Drives must be set to Selected.

Restrict Crypto Algorithms and Cipher Suites Allowed for Hardware-Based Encryption on Fixed Data Drives
Default: Not Selected
Values: Selected, Not Selected
Selected allows only specific crypto algorithms and cipher suites for
BitLocker hardware encryption on fixed data drives.
To use this policy, Configure Use of Hardware-Based Encryption for Fixed
Data Drives must be set to Selected.

Configure Specific Crypto Algorithms and Cipher Suites Settings on Fixed Data Drives
String
String - 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42
Set specific Crypto Algorithms and Cipher Suites on fixed data drives.
To use this policy, Configure Use of Hardware-Based Encryption for Fixed
Data Drives must be set to Selected.
See basic settings
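
The string shown for Configure Specific Crypto Algorithms and Cipher Suites Settings on Fixed Data Drives is a semicolon-separated list of OIDs under the NIST AES arc 2.16.840.1.101.3.4.1. The following is an added example, not part of the AdminHelp or of any Dell code: it decodes such a list and checks the parent-policy requirement stated above. The `policies` dict layout and the function names are assumptions made for illustration.

```python
import re

# NIST AES arc: the final component N encodes key size (N // 20) and mode (N % 20).
AES_ARC = "2.16.840.1.101.3.4.1."
MODES = {1: "ECB", 2: "CBC", 3: "OFB", 4: "CFB", 5: "key wrap",
         6: "GCM", 7: "CCM", 8: "key wrap with padding"}
OID_RE = re.compile(r"^[0-2](\.(0|[1-9]\d*))+$")
PARENT = "Configure Use of Hardware-Based Encryption for Fixed Data Drives"
OID_POLICY = ("Configure Specific Crypto Algorithms and Cipher Suites "
              "Settings on Fixed Data Drives")


def decode_oid(oid):
    """Return 'AES-<bits> <mode>' for an OID in the NIST AES arc, else None."""
    if not oid.startswith(AES_ARC):
        return None
    tail = oid[len(AES_ARC):]
    if not tail.isdigit():
        return None
    block, mode = divmod(int(tail), 20)
    if block not in (0, 1, 2) or mode not in MODES:
        return None
    return f"AES-{128 + 64 * block} {MODES[mode]}"


def review(policies):
    """policies: hypothetical dict of policy name -> value.
    Returns (decoded algorithms, findings to look at before deploying)."""
    algorithms, findings = [], []
    if policies.get(PARENT) != "Selected":
        findings.append(f"'{PARENT}' is not Selected; the OID list cannot be used")
    for entry in policies.get(OID_POLICY, "").split(";"):
        oid = entry.strip()
        if not oid:
            continue
        if not OID_RE.match(oid):
            findings.append(f"malformed OID: {oid!r}")
        elif decode_oid(oid) is None:
            findings.append(f"not a recognised AES OID: {oid}")
        else:
            algorithms.append(decode_oid(oid))
    return algorithms, findings


# Constructed sample using the string shown in the table above.
SAMPLE = {PARENT: "Selected",
          OID_POLICY: "2.16.840.1.101.3.4.1.2; 2.16.840.1.101.3.4.1.42"}

if __name__ == "__main__":
    print(review(SAMPLE))
```
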
BitLocker Encryption - Global Settings

Default Folder Location to Save Recovery Password
Qualified path
Important: This policy is not used by BitLocker Manager, because it does
not prompt the user when saving recovery passwords.
Microsoft defines this policy as: This setting provides the default path that
is displayed when the BitLocker drive encryption setup wizard prompts the
user to enter the location of a folder to save the recovery password.
The text in this policy is translatable.

Encryption Method and Cipher Strength
Default: AES 128 with Diffuser
Values: AES 128 with Diffuser, AES 256 with Diffuser, AES 128, AES 256
This policy specifies the encryption method and cipher strength used for
BitLocker drive encryption. Changing this policy has no effect if the drive is
already encrypted or encryption is in progress.

Enable Organizational Unique Identifiers
Default: Not Selected
Values: Selected, Not Selected
This policy allows for the association of unique organizational identifiers to
a new drive that is enabled with BitLocker. These identifiers are stored as