Reference Guide

Manage Policies

Configure Password Complexity for Operating System Drives
Default: Allow
Options: Allow, Require, Do Not Allow
When set to Require, a connection to a domain controller is necessary to validate the complexity of the password. When set to Allow, a connection to a domain controller is attempted to validate complexity, but if no domain controller is found, the password will still be accepted. When set to Do Not Allow, no password complexity validation is done.
To use this policy, Configure Use of Passwords for Operating System Drives must be set to Enabled.

Minimum Password Length for Operating System Drives
Default: 8
Options: 8-256
The default value is a password length of 8 characters. 8-256 characters are allowed.
To use this policy, Configure Use of Passwords for Operating System Drives must be set to Enabled.

Require ASCII-Only Passwords for Operating System Drives
Default: Not Selected
Options: Selected, Not Selected
Require ASCII-only passwords for operating system drives to create stronger passwords.
To use this policy, Configure Use of Passwords for Operating System Drives must be set to Enabled.

Use Enhanced Boot Configuration Data Profile
Default: Disabled
Options: Enabled, Disabled, Not Configured
Set this policy to Enabled to allow the verification and exclusion of BCD settings.
When Disabled, this policy element will force the option to be blocked from being used, and will not proceed until it is met.
When Enabled, this policy element will force the option to be used, and will not proceed unless it is met.
When Not Configured, this policy element takes the default action, which is to do nothing.

Verify Additional BCD Settings
Default: String
Options: String
Specify the additional Boot Configuration settings.
To use this policy, Use Enhanced Boot Configuration Data Profile must be set to Enabled.

Exclude Additional BCD Settings
Default: String
Options: String
Exclude specific Boot Configuration settings.
To use this policy, Use Enhanced Boot Configuration Data Profile must be set to Enabled.

Configure TPM Platform Validation Profile
Default: Not Selected
Options: Selected, Not Selected
Set to Selected to enable boot up TPM drive unlocking for Windows 7 and Windows Server 2008 R2. Selected allows the configuration of how the TPM security hardware secures the BitLocker encryption key. This policy does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.
This policy must be set to Selected to use the policy Configure Specific TPM Platform Settings.
See http://technet.microsoft.com/en-us/library/jj679890.aspx#BKMK_depopt3 for more information.

Configure Specific TPM Platform Settings
Default:
PCR0,on
PCR1,off
PCR2,on
PCR3,off
PCR4,on
PCR5,on
PCR6,off
PCR7,off
This policy allows you to configure how the computer's TPM security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. This setting determines what values the TPM measures when it validates early boot components before unlocking a drive on a computer running Windows 7 or Windows Server 2008 R2.
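
A way to check that an endpoint's TPM protector matches the PCRn,on/off entries listed above. This is an added example, not part of the original guide or of the product it documents. It assumes the PCR indices an endpoint actually uses have been collected separately (the OBSERVED list is a constructed sample), and the function names are hypothetical.

```python
import re

PCR_COUNT = 24  # TPM 1.2 defines PCR0 through PCR23
_ENTRY = re.compile(r"^PCR(\d{1,2}),(on|off)$", re.IGNORECASE)

def parse_pcr_policy(text):
    """Parse 'PCRn,on|off' lines into {index: bool}, rejecting malformed input."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = _ENTRY.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised entry {line!r}")
        idx = int(m.group(1))
        if idx >= PCR_COUNT:
            raise ValueError(f"line {lineno}: PCR{idx} is out of range")
        if idx in settings:
            raise ValueError(f"line {lineno}: PCR{idx} is listed twice")
        settings[idx] = m.group(2).lower() == "on"
    return settings

def enabled_pcrs(settings):
    """PCR indices the policy asks the TPM to validate."""
    return sorted(i for i, on in settings.items() if on)

def audit_profile(settings, observed):
    """Diff the policy against the PCR indices observed on an endpoint."""
    observed = set(observed)
    return {
        # policy says on, endpoint does not bind the key to it
        "missing": sorted(i for i, on in settings.items() if on and i not in observed),
        # policy says off, endpoint binds the key to it anyway
        "unexpected": sorted(i for i, on in settings.items() if not on and i in observed),
        # endpoint uses a PCR the policy text never mentions
        "unspecified": sorted(observed - set(settings)),
    }

# The eight entries shown in the table above
PAGE_POLICY = "\n".join(
    f"PCR{i},{s}" for i, s in enumerate("on off on off on on off off".split()))

# Constructed sample: indices an endpoint reports for its TPM protector
OBSERVED = [0, 2, 4, 11]

if __name__ == "__main__":
    policy = parse_pcr_policy(PAGE_POLICY)
    print("policy enables:", enabled_pcrs(policy))
    print("audit:", audit_profile(policy, OBSERVED))
```

A non-empty "missing" list means the key is sealed against fewer boot measurements than the policy intends, which is the case worth alerting on.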