Reference Guide
Security Management Server Virtual v10.2.11 AdminHelp
Data Drives
This policy specifies whether smart cards can be used to
authenticate access to BitLocker removable data drives. These
settings are enforced when turning on BitLocker, not when
unlocking a drive. BitLocker will allow unlocking a drive with
any of the protectors available on the drive.

Deny Write Access to Removable Drives Not Protected by BitLocker
Default: Disabled
Values: Enabled, Disabled, Enabled for Organization
If this policy is enabled, all removable drives that are not
BitLocker protected are mounted as read only. If this policy
is disabled, all removable drives on the computer are mounted
with read and write access.

Allow Access to BitLocker Protected Removable Data Drives from Earlier Versions of Windows
Default: Selected
Values: Selected, Not Selected
When Selected, removable data drives with the FAT file system
can be unlocked on computers running Windows Server 2008. This
policy does not apply to drives that are formatted with the
NTFS file system.

Do Not Install BitLocker to Go Reader on FAT formatted Removable Drives
Default: Not Selected
Values: Selected, Not Selected
If this policy is Not Selected, removable data drives
formatted with the FAT file system that are BitLocker
protected cannot be unlocked on computers running Windows
Server 2008. Bitlockertogo.exe is not installed.

Configure Use of Passwords for Removable Data Drives
Default: Allow
Values: Allow, Require, Do Not Allow
This policy specifies whether a password is required to unlock
BitLocker removable data drives. These settings allow the use
of a password, require the use of a password, or disallow the
use of a password.
This policy must be set to Allow or Require to use the
Configure Password Complexity for Removable Data Drives and
Minimum Password Length for Removable Data Drives policies.

Configure Password Complexity for Removable Data Drives
Default: Allow
Values: Allow, Require, Do Not Allow
When set to Require, a connection to a domain controller is
necessary to validate the complexity of the password. When set
to Allow, a connection to a domain controller is attempted to
validate complexity, but if no domain controller is found, the
password will still be accepted. When set to Do Not Allow, no
password complexity validation is done.
To use this policy, Configure Use of Passwords for Removable
Data Drives must be set to Allow or Require.

Minimum Password Length for Removable Data Drives
Default: 8
Values: 8-20 characters
Passwords must be at least 8 characters in length, with a
maximum of 20 characters.
To use this policy, Configure Use of Passwords for Removable
Data Drives must be set to Allow or Require.

Encryption Type for Removable Data Drives
Default: Full Encryption
Values: Allow User to Choose, Full Encryption, Used Space Only Encryption
Select the type of encryption to use for Removable Data
Drives.

Choose How BitLocker-protected Removable Drives Can be
Default: Not Selected
Values: Selected, Not Selected
BitLocker drives can always be recovered with BitLocker
Manager, even if this value is Not Selected. This policy
allows for the control of how BitLocker protected removable