Reference Guide
Security Management Server v10.2.10 AdminHelp
149

Enable Smart Card Certificate Identifier
Default: Not Selected
Values: Selected, Not Selected
This policy allows or denies an object identifier to be specified for enhanced key usage with a certificate. This policy must be set to Selected to use the policy Smart Card Certificate Identifier.

Smart Card Certificate Identifier
Default: 1.3.6.1.4.1.311.67.1.1
Values: 1.3.6.1.4.1.311.67.1.1
This policy provides for an object identifier to be specified for enhanced key usage with a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker drive by matching the object identifier in the certificate with the object identifier that is defined by this policy. Use caution if changing the default value. To use this policy, Enable Smart Card Certificate Identifier must be set to Selected.

See basic settings
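
The object identifier match described for Smart Card Certificate Identifier can be checked against a certificate's enhanced key usage extension. The PowerShell below is an added example, not part of the AdminHelp: the function names Get-EkuMatch and New-TestCert are hypothetical, the certificates are self-signed samples constructed in memory, and 1.3.6.1.5.5.7.3.2 (client authentication) is used only as a non-matching sample.

```powershell
# Added example. $PolicyOid is the default value listed for the policy above.
$PolicyOid = '1.3.6.1.4.1.311.67.1.1'

function Get-EkuMatch {
    # Returns 'Match', 'Mismatch' or 'NoEku' for one certificate.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Oid
    )
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return 'NoEku' }   # certificate carries no EKU extension at all
    $values = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($values -contains $Oid) { return 'Match' }
    return 'Mismatch'
}

function New-TestCert {
    # Hypothetical helper: builds a constructed, in-memory self-signed certificate.
    param([string[]]$EkuOids)
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        'CN=Constructed EKU sample', $rsa,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    if ($EkuOids) {
        $oids = [System.Security.Cryptography.OidCollection]::new()
        foreach ($o in $EkuOids) {
            [void]$oids.Add([System.Security.Cryptography.Oid]::new($o))
        }
        $req.CertificateExtensions.Add(
            [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($oids, $false))
    }
    $now = [DateTimeOffset]::UtcNow
    return $req.CreateSelfSigned($now, $now.AddDays(1))
}

# Constructed samples: one per outcome.
$samples = [ordered]@{
    'Policy OID EKU'  = New-TestCert -EkuOids $PolicyOid
    'Client auth EKU' = New-TestCert -EkuOids '1.3.6.1.5.5.7.3.2'
    'No EKU'          = New-TestCert
}
foreach ($name in $samples.Keys) {
    '{0,-16} {1}' -f $name, (Get-EkuMatch -Certificate $samples[$name] -Oid $PolicyOid)
}
```

To audit real certificates, pipe the items from a store such as `Cert:\CurrentUser\My` into Get-EkuMatch in place of the constructed samples.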
Bitlocker Encryption - Operating System Volume Settings

Allow Enhanced PINs for Startup
Default: Not Selected
Values: Selected, Not Selected
Selected allows enhanced startup PINs to be used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker.

Number of Characters Required in PIN
Default: 4
Values: 4-20 digits
This policy configures the minimum length for a TPM startup PIN. The startup PIN must have a minimum length of 4 digits and can have a maximum of 20 digits.

Allow Network Unlock at Startup on Operating System Drives
Default: Not Selected
Values: Selected, Not Selected
This policy specifies if a user is allowed to use the Network Unlock at Startup feature on operating system drives.

Allow SecureBoot on Operating System Drives
Default: Selected
Values: Selected, Not Selected
This policy specifies if a user is allowed to use SecureBoot on operating system drives.

Disallow Standard Users from Changing the PIN on Operating System Drives
Default: Not Selected
Values: Selected, Not Selected
This policy specifies if a standard user is allowed to change their PIN on operating system drives.

Enable Use of Preboot Keyboard Input on Slates
Default: Not Selected
Values: Selected, Not Selected
This policy specifies if a preboot keyboard input is enabled on Slates.

Reset Platform Validation Data After Recovery
Default: Not Selected
Values: Selected, Not Selected
This policy specifies if a preboot keyboard input is enabled on Slates.

Choose How BitLocker-protected Operating System Drives Can be Recovered
Default: Not Selected
Values: Selected, Not Selected
BitLocker drives can always be recovered with BitLocker Manager, even if this value is Not Selected. For the GPO, a Selected value allows you to specify how BitLocker drives are recovered.
This policy is the parent policy to: