Reference Guide
Security Management Server v10.2.7 AdminHelp
165
maximum of 20 digits.
Allow Network
Unlock at Startup
on Operating
System Drives
Not Selected
Selected
Not Selected
This policy specifies if a user is allowed to use the Network Unlock at
Startup feature on operating system drives.
Allow SecureBoot
on Operating
System Drives
Selected
Selected
Not Selected
This policy specifies if a user is allowed to use SecureBoot on operating
system drives.
Disallow Standard
Users from
Changing the PIN
on Operating
System Drives
Not Selected
Selected
Not Selected
This policy specifies if a standard user is allowed to change their PIN on
operating system drives.
Enable Use of
Preboot Keyboard
Input on Slates
Not Selected
Selected
Not Selected
This policy specifies if a preboot keyboard input is enabled on Slates.
Reset Platform
Validation Data
After Recovery
Not Selected
Selected
Not Selected
This policy specifies if a preboot keyboard input is enabled on Slates.
Choose How
BitLocker-
protected
Operating System
Drives Can be
Recovered
Not Selected
Selected
Not Selected
BitLocker drives can always be recovered with BitLocker Manager, even if
this value is Not Selected. For the GPO, a Selected value allows you to
specify how BitLocker drives are recovered.
More...
This policy is the parent policy to:
Allow Data Recovery Agent for Protected Operating System Drives
Configure User Storage of BitLocker 48-digit Recovery Password
Configure User Storage of BitLocker 256-bit Recovery Key
Omit Recovery Options from the BitLocker Setup Wizard
Save BitLocker Recovery Info to AD DS for Operating System Drives
BitLocker Recovery Information to Store in AD DS (Windows Server 2008
Only)
Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for
Operating System Drives
Allow Data
Recovery Agent for
Protected
Operating System
Drives
Selected
Selected
Not Selected
The "Allow Certificate Based Data Recovery Agent" is used to specify
whether a data recovery agent can be used with BitLocker operating
system drives. Before a data recovery agent can be used, it must be added
from the Public Key policies in either the Group Policy Management
Console or the Local Group Policy Editor.
To use this policy, Choose How BitLocker-protected Operating System
Drives Can be Recovered must be set to Selected.
Configure User
Storage of BitLocker
48-digit Recovery
Password
Allow
Do Not Allow
Require
Allow
This policy configures if a user is allowed, required, or not allowed to
generate a 48-digit password.
To use this policy, Choose How BitLocker-protected Operating System
Drives Can be Recovered must be set to Selected.
Configure User
Storage of BitLoc
ker
256-bit Recovery
Key
Allow
Do Not Allow
Require
Allow
This policy configures if a user is allowed, required or not allowed to
generate a 256-bit recovery key.
To use this policy, Choose How BitLocker-protected Operating System
Drives Can be Recovered must be set to Selected.