Reference Guide
Manage Policies
128
Turn Off Encryption
Do Not Manage ignores the
System Drive (typically the drive
that the operating system is
installed on). Turn On Encryption
allows BitLocker to encrypt the
System Drive only. Turn Off
Encryption
disables BitLocker
from encrypting the system drive
or decrypts any BitLocker
-
encrypted system drives.
Encrypt Fixed Drives Do Not Manage
Do Not Manage
Turn On Encryption
Turn Off Encryption
This policy does not encrypt the
system drive. To also encrypt the
system drive, make sure that
Encrypt System Drive Only is also
Turn On Encryption.
Do Not Manage ignores Fixed
Drives. Turn On Encryption allows
BitLocker to encrypt Fixed
Drives. Turn Off Encryption
causes Manager to decrypt any
BitLocker encrypted fix
ed drives.
Encrypt Removable Drives Do Not Manage
Do Not Manage
Turn On Encryption
Turn Off Encryption
Do Not Manage ignores
Removable Drives. Turn On
Encryption allows BitLocker to
encrypt Removable Drives. Turn
Off Encryption causes Manager to
decrypt a
ny BitLocker encrypted
removable drives.
Require Additional
Authentication at System Startup
Not Selected
Selected
Not Selected
This policy allows for the
configuration of BitLocker to
require additional authentication
each time the computer starts up
[wi
th or without a Trusted
Platform module (TPM)].
More...
This policy is the parent policy
to:
Allow BitLocker Encryption
Without a Compatible TPM
Configure TPM Startup
Configure TPM Startup PIN
Configure TPM Startup Key
Configure TPM Startup Key and
PIN