Reference Guide

Security Management Server Virtual v10.2.11 AdminHelp
Card Certificate Identifier
Not Selected
This policy allows or denies an object identifier to be specified for enhanced key usage with a certificate.
This policy must be set to Selected to use the policy Smart Card Certificate Identifier.

Smart Card Certificate Identifier
1.3.6.1.4.1.311.67.1.1
1.3.6.1.4.1.311.67.1.1
This policy provides for an object identifier to be specified for enhanced key usage with a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker drive by matching the object identifier in the certificate with the object identifier that is defined by this policy. Use caution if changing the default value.
To use this policy, Enable Smart Card Certificate Identifier must be set to Selected.

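The object identifier match described above can be checked against the certificates on an endpoint. The following PowerShell is an added example, not part of the AdminHelp or of any Dell or Microsoft tooling; the function name `Test-BitLockerEku` is hypothetical, and the store path assumes the smart card certificates are visible in the current user's personal store.

```powershell
# OID from the Smart Card Certificate Identifier policy (default value in the table above).
$PolicyOid = '1.3.6.1.4.1.311.67.1.1'
# Assumption: smart card certificates have been propagated to the user's personal store.
$StorePath = 'Cert:\CurrentUser\My'

function Test-BitLockerEku {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$Oid
    )
    # Locate the Enhanced Key Usage extension (2.5.29.37), if the certificate has one.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return 'NoEku' }        # no EKU extension present at all

    # Collect every usage OID listed in the extension and compare with the policy value.
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -contains $Oid) { return 'Match' }
    return 'Mismatch'                        # EKU present, but the policy OID is not listed
}

# Reject a malformed policy value before comparing anything against it.
if ($PolicyOid -notmatch '^[0-2](\.\d+)+$') {
    throw "Not a dotted-decimal object identifier: $PolicyOid"
}

# Report each certificate with the result of the comparison.
Get-ChildItem -Path $StorePath | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
        EkuCheck   = Test-BitLockerEku -Certificate $_ -Oid $PolicyOid
    }
} | Sort-Object EkuCheck | Format-Table -AutoSize
```

Running this before changing the policy value shows which certificates would stop matching the configured identifier.
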
See basic settings

BitLocker Encryption - Operating System Volume Settings

Allow Enhanced PINs for Startup
Not Selected
Selected
Not Selected
Selected allows enhanced startup PINs to be used with BitLocker.
Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces.
This policy setting is applied when you turn on BitLocker.

Number of Characters Required in PIN
4
4-20 digits
This policy configures the minimum length for a TPM startup PIN. The startup PIN must have a minimum length of 4 digits and can have a maximum of 20 digits.

Allow Network Unlock at Startup on Operating System Drives
Not Selected
Selected
Not Selected
This policy specifies if a user is allowed to use the Network Unlock at Startup feature on operating system drives.

Allow SecureBoot on Operating System Drives
Selected
Selected
Not Selected
This policy specifies if a user is allowed to use SecureBoot on operating system drives.

Disallow Standard Users from Changing the PIN on Operating System Drives
Not Selected
Selected
Not Selected
This policy specifies if a standard user is allowed to change their PIN on operating system drives.

Enable Use of Preboot Keyboard Input on Slates
Not Selected
Selected
Not Selected
This policy specifies if a preboot keyboard input is enabled on Slates.

Reset Platform Validation Data After Recovery
Not Selected
Selected
Not Selected
This policy specifies if a preboot keyboard input is enabled on Slates.

Choose How BitLocker-protected Operating System Drives Can be Recovered
Not Selected
Selected
Not Selected
BitLocker drives can always be recovered with BitLocker Manager, even if this value is Not Selected. For the GPO, a Selected value allows you to specify how BitLocker drives are recovered.
This policy is the parent policy to:
Allow Data Recovery Agent for Protected Operating System Drives