Reference Guide
Manage Policies

Policy: Omit Recovery Options from the BitLocker Setup Wizard
Default: Not Selected
Options: Selected, Not Selected
Description: When Selected, users are prevented from specifying recovery options when BitLocker is enabled. Recovery options for the drive are determined by policy settings.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Policy: Save BitLocker Recovery Information to AD DS for Operating System Drives
Default: Selected
Options: Selected, Not Selected
Description: Selected allows BitLocker recovery information to be stored in AD DS for operating system drives. The appropriate schema extensions and access control settings on the domain must first be configured before AD DS backup can succeed.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Policy: BitLocker Recovery Information to Store in AD DS (Windows Server 2008 Only)
Default: Recovery Passwords and Key Packages
Options: Recovery Passwords and Key Packages, Recovery Passwords Only
Description: This policy provides the option of storing recovery passwords and key packages, or storing the recovery password only, in AD DS. The appropriate schema extensions and access control settings on the domain must first be configured before applying this policy.
This policy is applicable only to computers running Windows Server 2008.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Policy: Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for Operating System Drives
Default: Not Selected
Options: Selected, Not Selected
Description: Although BitLocker recovery information is automatically stored in the Dell Server, this policy additionally requires BitLocker drive encryption recovery information to be stored in AD DS. The appropriate schema extensions and access control settings on the domain must be configured before using this policy.
This policy is used to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of the BitLocker recovery information to AD DS has succeeded.
To use this policy, Choose How BitLocker-protected Operating System Drives Can be Recovered must be set to Selected.

Policy: Configure Use of Hardware-Based Encryption for Operating System Drives
Default: Selected
Options: Selected, Not Selected
Description: PARENT to the next 4 policies.
Selected enables the configuration of hardware-based encryption on operating system drives.

Policy: Use Hardware-Based Encryption for Operating System Drives
Default: Selected
Options: Selected, Not Selected
Description: Selected enables hardware-based encryption on operating system drives.
To use this policy, Configure Use of Hardware-Based Encryption for Operating System Drives must be set to Selected.

Policy: Use BitLocker Software-Based Encryption on Operating System Drives When Hardware Encryption is Not Available
Default: Selected
Options: Selected, Not Selected
Description: Selected enables BitLocker software-based encryption on operating system drives if hardware-based encryption is not available.
To use this policy, Configure Use of Hardware-Based Encryption for Operating System Drives must be set to Selected.

Policy: Restrict Crypto Algorithms and Cipher Suites Allowed for Hardware-Based Encryption on
Default: Not Selected
Options: Selected, Not Selected
Description: Selected allows only specific crypto algorithms and cipher suites for BitLocker hardware encryption on operating system drives.
To use this policy, Configure Use of Hardware-Based Encryption for Operating System Drives must be set to Selected.
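
The requirement repeated for each child policy above ("To use this policy, ... must be set to Selected") can be checked mechanically before a policy set is committed. The Python below is an added example, not part of this guide or of the Dell product: the dictionary format, the names check_policy_set and ESCROW_GATE, and the sample policy set are assumptions, and the policy whose name is cut off above is left out.

```python
# Added example: flags child policies that cannot take effect because their
# parent policy is not Selected. Dict format and names here are assumptions.
SELECTED, NOT_SELECTED = "Selected", "Not Selected"
RECOVERY_PARENT = "Choose How BitLocker-protected Operating System Drives Can be Recovered"
HW_PARENT = "Configure Use of Hardware-Based Encryption for Operating System Drives"
ESCROW_GATE = ("Do Not Enable BitLocker Until Recovery Information is Stored "
               "in AD DS for Operating System Drives")

# Parent defaults given in the table; RECOVERY_PARENT's default is not on this
# page, so it is treated as unknown when absent.
PARENT_DEFAULTS = {HW_PARENT: SELECTED}

# child policy -> (parent policy, child's default from the table)
CHILDREN = {
    "Omit Recovery Options from the BitLocker Setup Wizard": (RECOVERY_PARENT, NOT_SELECTED),
    "Save BitLocker Recovery Information to AD DS for Operating System Drives": (RECOVERY_PARENT, SELECTED),
    "BitLocker Recovery Information to Store in AD DS (Windows Server 2008 Only)": (RECOVERY_PARENT, "Recovery Passwords and Key Packages"),
    ESCROW_GATE: (RECOVERY_PARENT, NOT_SELECTED),
    "Use Hardware-Based Encryption for Operating System Drives": (HW_PARENT, SELECTED),
    "Use BitLocker Software-Based Encryption on Operating System Drives When Hardware Encryption is Not Available": (HW_PARENT, SELECTED),
}

def check_policy_set(policies):
    """Return (child, parent, reason) findings for a {policy name: value} dict."""
    findings = []
    for child, (parent, default) in CHILDREN.items():
        if child not in policies:
            continue  # child left untouched, nothing to verify
        parent_value = policies.get(parent, PARENT_DEFAULTS.get(parent))
        if parent_value is None:
            findings.append((child, parent, "parent value unknown"))
        elif parent_value != SELECTED:
            changed = policies[child] != default
            reason = "non-default value not in effect" if changed else "default value not in effect"
            findings.append((child, parent, reason))
    return findings

# Constructed sample: AD DS backup gate switched on, recovery parent left off.
SAMPLE = {
    RECOVERY_PARENT: NOT_SELECTED,
    ESCROW_GATE: SELECTED,
    "Use Hardware-Based Encryption for Operating System Drives": SELECTED,
}

if __name__ == "__main__":
    for child, parent, reason in check_policy_set(SAMPLE):
        print(f"{child}: {reason} (parent: {parent})")
```

A "non-default value not in effect" finding on the AD DS backup gate is the case to look at first: the setting reads as if BitLocker cannot be enabled without a successful AD DS backup, yet its parent policy leaves it unused.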