Reference Guide
Security Management Server v10.2.7 AdminHelp
171
must be set to Allow or Require.
Encryption Type for
Removable Data
Drives
Full Encryption
Allow User to Choose
Full Encryption
Used Space Only Encryption
Select the type of encryption to use for Removable Data Drives.
Choose How
BitLocker-
protected
Removable Drives
Can be Recovered
Not Selected
Selected
Not Selected
BitLocker drives can always be recovered with BitLocker Manager, even if
this value is Not Selected. This policy allows for the control of how
BitLocker protected removable data drives are recovered in the absence of
the required credentials.
More...
This policy is the parent policy to:
Allow Data Recovery Agent for Protected Removable Data Drives
Configure User Storage of BitLocker 48-digit Recovery Password
Configure User Storage of BitLocker 256-bit Recovery Key
Omit Recovery Options from the BitLocker Setup Wizard for Removable
Media
Save BitLocker Recovery Information to AD DS for Removable Data Drives
BitLocker Recovery Info to Store in AD DS for Removable Data Drives
Do Not Enable BitLocker Until Recovery Info is Stored in AD DS for Rem
Data Drives
Allow Data
Recovery Agent for
Protected
Removable Data
Drives
Selected
Selected
Not Selected
When Selected, a data recovery agent is allowed for use with BitLocker
protected removable data drives. Before the agent can be used, it must be
added from the Public Key Policies in either the Group Policy Management
Console or the Local Group Policy Editor.
To use this policy, Choose How BitLocker-protected Removable Drives Can
be Recovered must be to Selected.
Configure User
Storage of BitLocker
48-digit Recovery
Password
Allow
Allow
Require
Do Not Allow
This policy configures if a user is allowed, required, or not allowed to
generate a 48-digit password.
To use this policy, Choose How BitLocker-protected Removable Drives Can
be Recovered must be to Selected.
Configure User
Storage of BitLocker
256-bit Recovery
Key
Allow
Allow
Require
Do Not Allow
This policy configures if a user is allowed, required, or not allowed to
generate a 256-bit recovery key.
To use this policy, Choose How BitLocker-protected Removable Drives Can
be Recovered must be to Selected.
Omit Recovery
Options from the
BitLocker Setup
Wizard for
Removable Media
Not Selected
Selected
Not Selected
When Selected, users are prevented from specifying recovery options
when BitLocker is enabled. Recovery options for the drive are determined
by policy settings.
To use this policy, Choose How BitLocker-protected Removable Drives Can
be Recovered must be to Selected.
Save BitLocker
Recovery
Information to AD
DS for Removable
Data Drives
Selected
Selected
Not Selected
Selected allows BitLocker recovery information to be stored in AD DS for
removable data drives. The appropriate schema extensions and access
control settings on the domain must be first configured before AD DS
backup can succeed.
To use this policy, Choose How BitLocker-protected Removable Drives Can
be Recovered must be to Selected.
Set this policy to Selected to use the policy BitLocker Recovery Informa
tion