Reference Guide

Manage Policies
PCR17,off  PCR18,off  PCR19,off  PCR20,off  PCR21,off  PCR22,off  PCR23,off
Profile must be set to Selected.
Policy: Configure UEFI TPM Platform Validation Profile
Default: Not Selected
Options: Selected, Not Selected
Description: Set to Selected to enable UEFI TPM drive unlocking at boot up.
Selected allows the configuration of how the UEFI TPM security hardware
secures the BitLocker encryption key. This policy does not apply if the
computer does not have a compatible TPM or if BitLocker has already been
turned on with TPM protection.
This policy must be set to Selected to use the policy Configure Specific
UEFI TPM Platform Settings.
See http://technet.microsoft.com/en-us/library/jj679890.aspx#BKMK_tpmvaluefi
for more information.
Policy: Configure Specific UEFI TPM Platform Settings
Default: PCR0,on  PCR1,off  PCR2,on  PCR3,off  PCR4,on  PCR5,off  PCR6,off
PCR7,off  PCR8,off  PCR9,off  PCR10,off  PCR11,on  PCR12,off  PCR13,off
PCR14,off  PCR15,off  PCR16,off  PCR17,off  PCR18,off  PCR19,off  PCR20,off
PCR21,off  PCR22,off  PCR23,off
Options: See basic settings
Description: This policy setting allows you to configure how the computer's
TPM security hardware secures the BitLocker encryption key. This setting
determines what values the TPM measures when it validates early boot
components before unlocking an operating system drive on a computer with
native UEFI firmware configurations.
If you enable this policy before turning on BitLocker, you can configure the
boot components that the TPM will validate before unlocking access to the
BitLocker-encrypted operating system drive. If any of these components change
while BitLocker protection is in effect, the TPM does not release the
encryption key to unlock the drive and the computer will instead display the
BitLocker recovery console and require that either the recovery password or
recovery key be provided to unlock the drive.
To use this policy, Configure UEFI TPM Platform Validation Profile must be
set to Selected.
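The description above says the TPM releases the BitLocker key only while the measured boot components match, and that the profile decides which PCRs take part in that check. The following added example (not code from the reference guide or its vendor) models that behaviour in software: it parses the profile in the same "PCRn,on/off" form the guide prints, then seals a constructed key to the selected PCRs and shows that a changed boot manager (measured into PCR4, which is on in the default) blocks automatic unlock, while a change to a PCR that is off (PCR1 here) does not. The seal/unseal routines are a simplified stand-in for real TPM sealing, not the TPM 2.0 PolicyPCR format, and the component-to-PCR mapping and PCR contents are constructed sample data.

```python
"""Added example: model a BitLocker TPM platform validation profile.

Assumptions: 'PCRn,on|off' entries as printed in the guide; the seal/unseal
functions are a simplified software model, not a real TPM; BOOT_MEASUREMENTS
is constructed sample data, not what firmware really measures.
"""
import hashlib
from typing import Dict, Iterable, Optional, Set

PCR_COUNT = 24  # a PC-client TPM exposes PCR0..PCR23

# Constructed: the guide's default for "Configure Specific UEFI TPM Platform
# Settings" (PCR0, PCR2, PCR4 and PCR11 on, everything else off).
DEFAULT_UEFI_PROFILE = [
    f"PCR{i},{'on' if i in (0, 2, 4, 11) else 'off'}" for i in range(PCR_COUNT)
]

# Constructed, illustrative mapping of early-boot components to the PCR each
# one is measured into in this model.
BOOT_MEASUREMENTS: Dict[int, bytes] = {
    0: b"UEFI firmware core v1.2",
    1: b"UEFI setup: boot order, SecureBoot=on",
    2: b"Option ROM: NIC PXE",
    4: b"\\EFI\\Microsoft\\Boot\\bootmgfw.efi build 1",
    11: b"BitLocker access control: VMK released",
}


def parse_pcr_profile(entries: Iterable[str]) -> Set[int]:
    """Turn 'PCRn,on' / 'PCRn,off' entries into the set of enabled PCR indices.

    Malformed, out-of-range and duplicate entries are rejected: an entry that
    is silently dropped would change which boot state the key is bound to.
    """
    enabled: Set[int] = set()
    seen: Set[int] = set()
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        name, sep, state = entry.partition(",")
        name, state = name.strip().upper(), state.strip().lower()
        if sep != "," or not name.startswith("PCR") or not name[3:].isdigit():
            raise ValueError(f"malformed profile entry: {raw!r}")
        index = int(name[3:])
        if not 0 <= index < PCR_COUNT:
            raise ValueError(f"PCR index out of range: {raw!r}")
        if index in seen:
            raise ValueError(f"duplicate PCR entry: {raw!r}")
        seen.add(index)
        if state == "on":
            enabled.add(index)
        elif state != "off":
            raise ValueError(f"state must be 'on' or 'off': {raw!r}")
    return enabled


def measured_boot(overrides: Optional[Dict[int, bytes]] = None) -> Dict[int, bytes]:
    """Model one boot: every PCR starts at zero and is extended with the digest
    of the component measured into it (PCR_new = H(PCR_old || H(component)))."""
    components = dict(BOOT_MEASUREMENTS)
    if overrides:
        components.update(overrides)
    pcrs = {i: bytes(32) for i in range(PCR_COUNT)}
    for index, component in components.items():
        digest = hashlib.sha256(component).digest()
        pcrs[index] = hashlib.sha256(pcrs[index] + digest).digest()
    return pcrs


def pcr_composite(pcrs: Dict[int, bytes], selection: Set[int]) -> bytes:
    """Digest of the selected PCRs in index order; the value a seal is bound to."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(pcrs[index])
    return h.digest()


def seal(key: bytes, pcrs: Dict[int, bytes], selection: Set[int]) -> dict:
    """Simplified sealing model: wrap the key under a secret derived from the
    PCR composite and keep a tag so a wrong composite is detected, not decrypted."""
    wrap = hashlib.sha256(b"seal|" + pcr_composite(pcrs, selection)).digest()
    ciphertext = bytes(a ^ b for a, b in zip(key, wrap))
    tag = hashlib.sha256(b"tag|" + wrap + ciphertext).digest()
    return {"selection": frozenset(selection), "ciphertext": ciphertext, "tag": tag}


def unseal(blob: dict, pcrs: Dict[int, bytes]) -> Optional[bytes]:
    """Release the key only if the current PCR composite matches the sealed one."""
    wrap = hashlib.sha256(b"seal|" + pcr_composite(pcrs, blob["selection"])).digest()
    if hashlib.sha256(b"tag|" + wrap + blob["ciphertext"]).digest() != blob["tag"]:
        return None  # refused: BitLocker would fall back to the recovery console
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], wrap))


def boot_unlocks(profile: Iterable[str], tampered: Optional[Dict[int, bytes]] = None) -> bool:
    """Seal a constructed key at the trusted boot, reboot with `tampered`
    components swapped in, and report whether the key is released automatically."""
    selection = parse_pcr_profile(profile)
    vmk = hashlib.sha256(b"constructed volume master key").digest()
    blob = seal(vmk, measured_boot(), selection)
    return unseal(blob, measured_boot(tampered)) == vmk


if __name__ == "__main__":
    print("enabled PCRs:", sorted(parse_pcr_profile(DEFAULT_UEFI_PROFILE)))
    print("clean boot unlocks:", boot_unlocks(DEFAULT_UEFI_PROFILE))
    print("modified boot manager (PCR4) unlocks:",
          boot_unlocks(DEFAULT_UEFI_PROFILE, {4: b"bootmgfw.efi build 2"}))
    print("changed firmware setup (PCR1, off in profile) unlocks:",
          boot_unlocks(DEFAULT_UEFI_PROFILE, {1: b"UEFI setup: SecureBoot=off"}))
```

Running the script prints that the clean boot unlocks, the modified boot manager does not, and the PCR1 change still unlocks. That last line is the practical point of the profile: only PCRs that are on take part in the validation, so a component whose PCR is off can change without triggering recovery, and enabling a PCR that legitimately changes often (firmware setting edits, for instance) produces recovery prompts after each change.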
BitLocker Encryption - Removable Storage Settings

Policy: Allow User to Apply BitLocker Protection on Removable Drives
Default: Selected
Options: Selected, Not Selected
Description: When Selected, users are permitted to run the BitLocker setup
wizard on a removable data drive.

Policy: Allow User to Suspend and Decrypt BitLocker Protection on Removable
Data Drives
Default: Selected
Options: Selected, Not Selected
Description: When Selected, users are authorized to suspend and decrypt
BitLocker protection on removable data drives.
Policy: Configure Use of Smart Cards on Removable
Default: Allow
Options: Allow, Disallow, Require