Reference Guide
Manage Policies
128
Turn Off Encryption
Do Not Manage ignores the
System Drive (typically the drive
that the operating system is
installed on). Turn On Encryption
allo
ws BitLocker to encrypt the
System Drive only. Turn Off
Encryption disables BitLocker
from encrypting the system drive
or decrypts any BitLocker
-
encrypted system drives.
Encrypt Fixed Drives Do Not Manage
Do Not Manage
Turn On Encryption
Turn Off Encrypti
on
This policy does not encrypt the
system drive. To also encrypt the
system drive, make sure that
Encrypt System Drive Only is also
Turn On Encryption.
Do Not Manage ignores Fixed
Drives. Turn On Encryption allows
BitLocker to encrypt Fixed
Drives. Turn O
ff Encryption
causes Manager to decrypt any
BitLocker encrypted fixed drives.
Encrypt Removable Drives Do Not Manage
Do Not Manage
Turn On Encryption
Turn Off Encryption
Do Not Manage ignores
Removable Drives. Turn On
Encryption allows BitLocker to
encryp
t Removable Drives. Turn
Off Encryption causes Manager to
decrypt any BitLocker encrypted
removable drives.
Require Additional
Authentication at System Startup
Not Selected
Selected
Not Selected
This policy allows for the
configuration of BitLocker to
req
uire additional authentication
each time the computer starts up
[with or without a Trusted
Platform module (TPM)].
More...
This policy is the parent policy
to:
Allow BitLocker Encryption
Without a Compatible TPM
Configure TPM Startup
Configure TPM Startup
PIN
Configure TPM Startup Key
Configure TPM Startup Key and
PIN