Reference Guide
Security Management Server v10.2.11 AdminHelp
Information is
Stored in AD
DS for
Operating
System Drives
stored in the Dell Server, this policy additionally requires
BitLocker drive encryption recovery information to be stored
in AD DS. The appropriate schema extensions and access control
settings on the domain must be configured before using this
policy.
This policy is used to prevent users from enabling BitLocker
unless the computer is connected to the domain and the backup
of the BitLocker recovery information to AD DS has succeeded.
To use this policy, Choose How BitLocker-protected Operating
System Drives Can be Recovered must be set to Selected.
Configure Use
of Hardware-
Based
Encryption for
Operating
System Drives
Selected
Selected
Not Selected
PARENT to the next 4 policies.
Selected enables the configuration of hardware-based
encryption on operating system drives.
Use Hardware-
Based
Encryption for
Operating
System Drives
Selected
Selected
Not Selected
Selected enables hardware-
based encryption on operating system
drives.
To use this policy, Configure Use of Hardware-
Based Encryption
for Operating System Drives must be set to Selected.
Use BitLocker
Software-
Based
Encryption on
Operating
System Drives
When Hardware
Encryption is
Not Available
Selected
Selected
Not Selected
Selected enables BitLocker software-based encryption on
operating system drives if hardware-based encryption is not
available.
To use this policy, Configure Use of Hardware-
Based Encryption
for Operating System Drives must be set to Selected.
Restrict
Crypto
Algorithms and
Cipher Suites
Allowed for
Hardware-
Based
Encryption on
Operating
System Drives
Not Selected
Selected
Not Selected
Selected allows only specific crypto algorithm and cipher
suites for BitLocker hardware encryption on operating system
drives.
To use this policy, Configure Use of Hardware-
Based Encryption
for Operating System Drives must be set to Selected.
Configure
Specific
Crypto
Algorithms and
Cipher Suites
Settings on
Operating
System Drives
2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42
String -
2.16.840.1.101.3.4.1.2;
2.16.840.1.101.3.4.1.42
Specific Crypto Algorithms and Cipher Suites allowed on
operating system drives.
To use this policy, Configure Use of Hardware-
Based Encryption
for Operating System Drives must be set to Selected.
Encryption
Type for
Operating
System Drives
Full Encryption
Full Encryption
Used Space Only Encryption
Select the type of encryption to use for operating system
drives.
Configure Use
of Passwords
for Operating
System Drives
Not Configured
Enabled
Disabled
Not Configured
Configure password requirements for Operating System Drives.
When Disabled, t
his policy element will force the option to be
blocked from being used, and will not proceed until it is
met.
When Enabled, this policy element will force the option to be
used, and will not proceed unless it is met.
When Not Configured, this policy element will consume the
default action to do nothing.
151