Reference Guide
Security Management Server v10.2.11 AdminHelp
settings on the domain must be first configured before
applying this policy.
The Choose How BitLocker-protected Fixed Drives Can be
Recovered policy must be set to Selected to use this policy.
To use this policy, Save BitLocker Recovery Information to AD
DS for Fixed Data Drives must be set to Selected.
Do Not Enable
BitLocker
Until Recovery
Information is
Stored in AD
DS for Fixed
Data Drives
Not Selected
Selected
Not Selected
Although BitLocker recovery information is automatically
stored in the Dell Server this policy additionally requires
BitLocker drive encryption recovery information to be stored
in AD DS. Th
e appropriate schema extensions and access control
settings on the domain must be configured before using this
policy.
More...
This policy is used to prevent users from enabling BitLocker
unless the computer is connected to the domain and the backup
of the BitLocker recovery information to AD DS has succeeded.
The Choose How BitLocker-protected Fixed Drives Can be
Recovered policy must be set to Selected to use this policy.
Configure Use
of Hardware-
Based
Encryption for
Fixed Data
Drives
Selected
Selected
Not Selected
PARENT to the next 4 policies.
Selected enables the configuration of hardware-based
encryption on fixed data drives.
Use Hardware-
Based
Encryption for
Fixed Data
Drives
Selected
Selected
Not Selected
Selected enables hardware-based encryption for fixed data
drives.
To use this policy, Configure Use of Hardware-
Based Encryption
for Fixed Data Drives must be set to Selected.
Use BitLocker
Software-
Based
Encryption on
Fixed Data
Drives When
Hardware
Encryption is
Not Available
Selected
Selected
Not Selected
Selected enables BitLocker software-
based encryption on fixed
data drives if hardware-based encryption is not available.
To use this policy, Configure Use of Hardware-
Based Encryption
for Fixed Data Drives must be set to Selected.
Restrict
Crypto
Algorithms and
Cipher Suites
Allowed for
Hardware-
Based
Encryption on
Fixed Data
Drives
Not Selected
Selected
Not Selected
Selected allows only specific crypto algorithm and cipher
suites for BitLocker hardware encryption on fixed data drives.
To use this policy, Configure Use of Hardware-
Based Encryption
for Fixed Data Drives must be set to Selected.
Configure
Specific
Crypto
Algorithms and
Cipher Suites
Settings on
Fixed Data
Drives
String
String -
2.16.840.1.101.3.4.1.2;
2.16.840.1.101.3.4.1.42
Set
specific Crypto Algorithms and Cipher Suites on fixed data
drives.
To use this policy, Configure Use of Hardware-
Based Encryption
for Fixed Data Drives must be set to Selected.
See basic
settings
Bitlocker Encryption - Global Settings
Default Folder
Location to
Qualified path
Important: This policy is not used by BitLocker Manager,
147