Reference Guide
Security Management Server Virtual - AdminHelp v9.8

Policy: Allow BitLocker Encryption Without a Compatible TPM
Default: Selected
Values: Selected, Not Selected
Description: Selected allows a computer without a compatible TPM to use BitLocker encryption. In this mode, a USB drive is required for startup. When the key is inserted, access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable, the computer will require BitLocker recovery for access.
To use this policy, Require Additional Authentication at System Startup must be set to Selected.

Policy: Configure TPM Startup
Default: Allow
Values: Do Not Allow, Require, Allow
Description: On computers with a compatible TPM, three types of authentication are supported. Only one of the following can be required or allowed:
    Configure TPM Startup PIN
    Configure TPM Startup Key
    Configure TPM Startup Key and PIN
To use this policy, Require Additional Authentication at System Startup must be set to Selected.

Policy: Configure TPM Startup PIN
Default: Allow
Values: Do Not Allow, Require, Allow
Description: To use this policy, Require Additional Authentication at System Startup must be set to Selected.
This type of authentication involves the entry of a 4-digit to 20-digit personal identification number (PIN).

Policy: Configure TPM Startup Key
Default: Do Not Allow
Values: Do Not Allow, Require, Allow
Description: To use this policy, Require Additional Authentication at System Startup must be set to Selected.
This type of authentication involves insertion of a USB drive containing the startup key.

Policy: Configure TPM Startup Key and PIN
Default: Do Not Allow
Values: Do Not Allow, Require, Allow
Description: To use this policy, Require Additional Authentication at System Startup must be set to Selected.
This type of authentication involves a 4-digit to 20-digit personal identification number
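
The dependencies stated in this table can be checked mechanically before a policy set is committed. The following is an added example, not part of the Dell guide or product: the dictionary layout, function names and finding text are assumptions, and it reads "only one of the following can be required or allowed" as at most one of the three PIN/Key policies being set to anything other than Do Not Allow.

```python
# Added example (not Dell code): lint one set of the startup-authentication
# policies in this table. Names and values are copied from the table; the
# dict layout and the finding strings are assumptions.
MASTER = "Require Additional Authentication at System Startup"
NO_TPM = "Allow BitLocker Encryption Without a Compatible TPM"
TPM_ONLY = "Configure TPM Startup"
EXCLUSIVE = (
    "Configure TPM Startup PIN",
    "Configure TPM Startup Key",
    "Configure TPM Startup Key and PIN",
)
TRI_STATE = ("Do Not Allow", "Require", "Allow")


def lint_startup_policies(policy):
    """Return a list of findings; an empty list means the set is consistent."""
    findings = []
    for name in (TPM_ONLY, *EXCLUSIVE):
        if policy.get(name) not in TRI_STATE:
            findings.append(f"{name}: value must be one of {TRI_STATE}")
    # Every policy in the table only applies when the master policy is Selected.
    if policy.get(MASTER) != "Selected":
        relied_on = [n for n in (TPM_ONLY, *EXCLUSIVE) if policy.get(n) == "Require"]
        if policy.get(NO_TPM) == "Selected":
            relied_on.append(NO_TPM)
        for name in relied_on:
            findings.append(f"{name}: needs '{MASTER}' set to Selected")
    # Assumed reading of "only one of the following can be required or
    # allowed": at most one of the three may be anything but Do Not Allow.
    enabled = [n for n in EXCLUSIVE if policy.get(n) in ("Require", "Allow")]
    if len(enabled) > 1:
        findings.append("more than one of PIN / Key / Key and PIN is enabled: "
                        + ", ".join(enabled))
    return findings


def valid_startup_pin(pin):
    """A startup PIN is 4 to 20 digits, per the table."""
    return pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 20


# Constructed sample: the defaults listed in the table, master policy Selected.
PAGE_DEFAULTS = {
    MASTER: "Selected", NO_TPM: "Selected", TPM_ONLY: "Allow",
    EXCLUSIVE[0]: "Allow", EXCLUSIVE[1]: "Do Not Allow", EXCLUSIVE[2]: "Do Not Allow",
}
```

Calling `lint_startup_policies(PAGE_DEFAULTS)` returns an empty list; the defaults shown in the table are consistent under this reading.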