Reference Guide
Manage Policies
to Store in AD DS for Removable Data Drives.
Policy: BitLocker Recovery Information to Store in AD DS for Removable Data Drives
Default Setting: Recovery Passwords and Key Packages
Description:
Recovery Passwords and Key Packages
Recovery Passwords Only
This policy provides the option of storing recovery passwords and key packages, or storing the recovery password only, in AD DS. The appropriate schema extensions and access control settings on the domain must first be configured before applying this policy.
To use this policy, Choose How BitLocker-protected Removable Drives Can be Recovered must be set to Selected.
To use this policy, Save BitLocker Recovery Information to AD DS for Removable Data Drives must be set to Selected.

Policy: Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for Removable Data Drives
Default Setting: Not Selected
Description:
Selected
Not Selected
Although BitLocker recovery information is automatically stored in the Dell Server, this policy additionally requires BitLocker drive encryption recovery information to be stored in AD DS. The appropriate schema extensions and access control settings on the domain must be configured before using this policy.
This policy is used to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of the BitLocker recovery information to AD DS has succeeded.
To use this policy, Choose How BitLocker-protected Removable Drives Can be Recovered must be set to Selected.

Policy: Configure Use of Hardware-Based Encryption for Removable Data Drives
Default Setting: Selected
Description:
Selected
Not Selected
PARENT to the next 4 policies.
Selected enables the configuration of hardware-based encryption on removable data drives.

Policy: Use Hardware-Based Encryption for Removable Data Drives
Default Setting: Selected
Description:
Selected
Not Selected
Selected enables hardware-based encryption on removable data drives.
To use this policy, Configure Use of Hardware-Based Encryption for Removable Data Drives must be set to Selected.

Policy: Use BitLocker Software-Based Encryption on Removable Data Drives When Hardware Encryption is Not Available
Default Setting: Selected
Description:
Selected
Not Selected
Selected enables BitLocker software-based encryption on removable data drives if hardware-based encryption is not available.
To use this policy, Configure Use of Hardware-Based Encryption for Removable Data Drives must be set to Selected.

Policy: Restrict Crypto Algorithms and Cipher Suites Allowed for Hardware-Based Encryption on Removable Data Drives
Default Setting: Not Selected
Description:
Selected
Not Selected
Selected allows only specific crypto algorithms and cipher suites for BitLocker hardware encryption.
To use this policy, Configure Use of Hardware-Based Encryption for Removable Data Drives must be set to Selected.

Policy: Configure Specific Crypto Algorithms and Cipher Suites Settings on Removable Data Drives
Default Setting: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42
Description:
String - 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42
Specific Crypto Algorithms and Cipher Suites allowed.
To use this policy, Configure Use of Hardware-Based Encryption for Removable Data Drives must be set to Selected.

See basic settings
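
The prerequisite rules in this table ("To use this policy, ... must be set to Selected") and the semicolon-separated OID string can be checked mechanically against an exported policy set. The following is an added example, not part of the Dell guide or product: the export format (a mapping of policy name to value), the function names and the sample data are assumptions, and the algorithm names are the standard NIST names for these AES OIDs.

```python
# Added example. The export format (policy name -> value string) is assumed.
SELECTED, NOT_SELECTED = "Selected", "Not Selected"
HW = "Configure Use of Hardware-Based Encryption for Removable Data Drives"
RECOVER = "Choose How BitLocker-protected Removable Drives Can be Recovered"
SAVE = "Save BitLocker Recovery Information to AD DS for Removable Data Drives"
OIDS = ("Configure Specific Crypto Algorithms and Cipher Suites Settings on "
        "Removable Data Drives")
# Child policy -> policies the table says must be set to Selected first.
PREREQS = {
    "BitLocker Recovery Information to Store in AD DS for Removable Data Drives":
        [RECOVER, SAVE],
    "Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for "
    "Removable Data Drives": [RECOVER],
    "Use Hardware-Based Encryption for Removable Data Drives": [HW],
    "Use BitLocker Software-Based Encryption on Removable Data Drives When "
    "Hardware Encryption is Not Available": [HW],
    "Restrict Crypto Algorithms and Cipher Suites Allowed for Hardware-Based "
    "Encryption on Removable Data Drives": [HW],
    OIDS: [HW],
}

# NIST AES-CBC object identifiers; the table's default lists the first and last.
AES_OIDS = {"2.16.840.1.101.3.4.1.2": "AES-128-CBC",
            "2.16.840.1.101.3.4.1.22": "AES-192-CBC",
            "2.16.840.1.101.3.4.1.42": "AES-256-CBC"}

def parse_oids(value):
    """Split the semicolon-separated string into (known names, unknown OIDs)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    known = [AES_OIDS[p] for p in parts if p in AES_OIDS]
    return known, [p for p in parts if p not in AES_OIDS]

def audit(policies):
    """Return findings for child policies whose prerequisites are not met."""
    findings = []
    for child, parents in PREREQS.items():
        if policies.get(child, NOT_SELECTED) == NOT_SELECTED:
            continue  # child is absent or off, so nothing depends on the parent
        for parent in parents:
            if policies.get(parent) != SELECTED:
                findings.append(f"{child}: requires '{parent}' = Selected")
    unknown = parse_oids(policies.get(OIDS, ""))[1]
    return findings + [f"{OIDS}: unrecognised OID {oid}" for oid in unknown]

# Constructed sample export: the hardware parent was left off by mistake.
SAMPLE = {HW: NOT_SELECTED, RECOVER: SELECTED, SAVE: SELECTED,
          "Use Hardware-Based Encryption for Removable Data Drives": SELECTED,
          OIDS: "2.16.840.1.101.3.4.1.2; 2.16.840.1.101.3.4.1.42;1.2.3"}
print("\n".join(audit(SAMPLE)))
```

With the sample data, two child policies are reported as ineffective because their parent is Not Selected, and the constructed value 1.2.3 is reported as an unrecognised OID.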










