Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

161

162

163

164

165

166

167

168

169

170

Security Management Server v10.2.11 AdminHelp

applying this policy.

To use this policy, Choose How BitLocker-protected Removable

Drives Can be Recovered must be to Selected.

To use this policy, Save BitLocker Recovery Information to AD

DS for Removable Data Drives must be set to Selected.

Do Not Enable

BitLocker

Until Recovery

Information is

Stored in AD

DS for

Removable Data

Drives

Not Selected

Selected

Not Selected

Although BitLocker recovery information is automatically

stored in the Dell Server, this policy additionally requires

BitLocker drive encryption recovery information to be stored

in AD DS. The appropriate schema extensions and access control

settings on the domain must be configured before using this

policy.

This policy is used to prevent users from enabling BitLocker

unless the computer is connected to the domain and the backup

of the BitLocker recovery information to AD DS has succeeded.

To use this policy, Choose How BitLocker-protected Removable

Drives Can be Recovered must be to Selected.

Configure Use

of Hardware-

Based

Encryption for

Removable Data

Drives

Selected

Not Selected

PARENT to the next 4 policies.

Selected enables the configuration of hardware-based

encryption on removable data drives.

Use Hardware-

Based

Encryption for

Removable Data

Drives

Selected

Not Selected

Selected enables hardware-based encryption on removable data

drives.

To use this policy, Configure Use of Hardware-

Based Encryption

for Removable Data Drives must be set to Selected.

Use BitLocker

Software-

Based

Encryption on

Removable Data

Drives When

Hardware

Encryption is

Not Available

Selected

Not Selected

Selected enables BitLocker software-based encryption on

removable data drives if hardware-based encryption is not

available.

To use this policy, Configure Use of Hardware-

Based Encryption

for Removable Data Drives must be set to Selected.

Restrict

Crypto

Algorithms and

Cipher Suites

Allowed for

Hardware-

Based

Encryption on

Removable Data

Drives

Not Selected

Selected

Not Selected

Selected allows only specific crypto algorithm and cipher

suites for BitLocker hardware encryption.

To use this policy, Configure Use of Hardware-

Based Encryption

for Removable Data Drives must be set to Selected.

Configure

Specific

Crypto

Algorit

hms and

Cipher Suites

Settings on

Removable Data

Drives

2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42

String -

2.16.840.1.101.3.4.1.2;

2.16.840.1.101.3.4.1.42

Specific Crypto Algorithms and Cipher Suites allowed.

To use this policy, Configure Use of Hardware-

Based Encryption

for Removable Data Drives must be set to Selected.

See basic

settings

Policy Default Setting Description

Server Encryption

157