Reference Guide
Manage Policies
BitLocker Encryption - Removable Storage Settings

Allow User to Apply BitLocker Protection on Removable Drives
Default: Selected
Options: Selected, Not Selected
When Selected, users are permitted to run the BitLocker setup wizard on a removable data drive.

Allow User to Suspend and Decrypt BitLocker Protection on Removable Data Drives
Default: Selected
Options: Selected, Not Selected
When Selected, users are authorized to suspend and decrypt BitLocker protection on removable data drives.

Configure Use of Smart Cards on Removable Data Drives
Default: Allow
Options: Allow, Disallow, Require
This policy specifies whether smart cards can be used to authenticate access to BitLocker removable data drives. These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive.

Deny Write Access to Removable Drives Not Protected by BitLocker
Default: Disabled
Options: Enabled, Disabled, Enabled for Organization
If this policy is enabled, all removable drives that are not BitLocker protected are mounted as read only. If this policy is disabled, all removable drives on the computer are mounted with read and write access.

Allow Access to BitLocker Protected Removable Data Drives from Earlier Versions of Windows
Default: Selected
Options: Selected, Not Selected
When Selected, removable data drives with the FAT file system can be unlocked on computers running Windows Server 2008. This policy does not apply to drives that are formatted with the NTFS file system.

Do Not Install BitLocker to Go Reader on FAT formatted Removable Drives
Default: Not Selected
Options: Selected, Not Selected
If this policy is Not Selected, removable data drives formatted with the FAT file system that are BitLocker protected cannot be unlocked on computers running Windows Server 2008. Bitlockertogo.exe is not installed.

Configure Use of Passwords for Removable Data Drives
Default: Allow
Options: Allow, Require, Do Not Allow
This policy specifies whether a password is required to unlock BitLocker removable data drives. These settings allow the use of a password, require the use of a password, or disallow the use of a password.
This policy must be set to Allow or Require to use the Configure Password Complexity for Removable Data Drives and Minimum Password Length for Removable Data Drives policies.

Configure Password Complexity for Removable Data Drives
Default: Allow
Options: Allow, Require, Do Not Allow
When set to Require, a connection to a domain controller is necessary to validate the complexity of the password. When set to Allow, a connection to a domain controller is attempted to validate complexity, but if no domain controller is found, the password will still be accepted. When set to Do Not Allow, no password complexity validation is done.
To use this policy, Configure Use of Passwords for Removable Data Drives must be set to Allow or Require.

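The following Python model is an added example, not part of the guide or the product. It encodes the dependency between the password policies and the way the Allow complexity setting accepts a password when no domain controller is found, using the guide's defaults and the 8-20 range of the Minimum Password Length policy. The class and function names are hypothetical, and treating an unreachable domain controller under Require as a rejection is an assumption based on the word "necessary".

```python
from dataclasses import dataclass

VALUES = ("Allow", "Require", "Do Not Allow")

@dataclass
class PasswordPolicy:  # hypothetical container; defaults are the guide's defaults
    use_of_passwords: str = "Allow"  # Configure Use of Passwords for Removable Data Drives
    complexity: str = "Allow"        # Configure Password Complexity for Removable Data Drives
    min_length: int = 8              # Minimum Password Length for Removable Data Drives

def review(p):
    """Return (severity, message) findings for one policy set."""
    out = []
    for name in ("use_of_passwords", "complexity"):
        if getattr(p, name) not in VALUES:
            out.append(("error", f"{name}: unknown value {getattr(p, name)!r}"))
    if not 8 <= p.min_length <= 20:
        out.append(("error", "min_length must be between 8 and 20"))
    if p.use_of_passwords == "Do Not Allow":
        out.append(("info", "passwords disallowed: complexity and length policies are not in use"))
    elif p.complexity == "Allow":
        out.append(("warn", "complexity check is skipped when no domain controller is found"))
    elif p.complexity == "Do Not Allow":
        out.append(("warn", "no complexity validation is done"))
    return out

def password_accepted(p, password, dc_reachable, dc_says_complex):
    """Model whether a new drive password gets through under policy p."""
    if p.use_of_passwords == "Do Not Allow":
        return False                  # password protectors cannot be used
    if len(password) < p.min_length:
        return False
    if p.complexity == "Do Not Allow":
        return True                   # length is the only check
    if dc_reachable:
        return dc_says_complex        # Allow and Require both defer to the DC
    # No DC found: Allow accepts anyway; Require cannot validate, which is
    # treated here as a rejection (assumption, see lead-in).
    return p.complexity == "Allow"

if __name__ == "__main__":
    weak = "password1"  # constructed sample input
    for pol in (PasswordPolicy(), PasswordPolicy("Require", "Require", 12)):
        print(pol, review(pol), password_accepted(pol, weak, False, False))
```

With the default values, a password that would fail the complexity check is accepted on a machine that cannot reach a domain controller; setting complexity to Require closes that gap.
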
Minimum Password Length for Removable Data Drives
Default: 8
Options: 8-20 characters
Passwords must be at least 8 characters in length, with a maximum of 20 characters.
To use this policy, Configure Use of Passwords for Removable Data Drives