programming4us

Windows 8 : Managing BitLocker and other policy-based mobility tools (part 1) - Configuring BitLocker policies


Configuring BitLocker policies

BitLocker is an encryption technology that encrypts an entire volume. Encrypting File System (EFS), by contrast, encrypts specified files and folders; this allows granular control but makes management more difficult, because the encrypted files or folders can be anywhere on the disk. With BitLocker, the entire volume is encrypted. To operate, BitLocker requires a Trusted Platform Module (TPM) chip in the computer or an alternate method of authentication, such as an encryption key on a USB flash disk.

Using policies to configure BitLocker allows the settings to be centrally managed if the computer or device is managed by Active Directory. If the computer or device is not managed by Active Directory, the same policy settings can be applied by using the Local Group Policy Editor. Configuring the settings for a local policy uses the same concepts as configuring Group Policy in Active Directory; the difference is that the settings apply only to the local computer or to user accounts on the local computer.

If the computer joins an Active Directory domain and a conflicting setting exists within the domain, the local computer’s setting will be overwritten by the settings from Active Directory.

Policy settings for BitLocker include the following:

  • Fixed Data Drives

    • Configure Use Of Smart Cards On Fixed Data Drives

    • Deny Write Access To Fixed Drives Not Protected By BitLocker

    • Configure Use Of Hardware-Based Encryption For Fixed Data Drives

    • Enforce Drive Encryption Type On Fixed Data Drives

    • Allow Access To BitLocker-Protected Fixed Data Drives From Earlier Versions Of Windows

    • Configure Use Of Passwords For Fixed Data Drives

    • Choose How BitLocker-Protected Fixed Drives Can Be Recovered

  • Operating System Drives

    • Allow Network Unlock At Startup

    • Allow Secure Boot For Integrity Validation

    • Require Additional Authentication At Startup

    • Require Additional Authentication At Startup (Windows Server 2008 And Windows Vista)

    • Disallow Standard Users From Changing The PIN Or Password

    • Enable Use Of BitLocker Authentication Requiring Preboot Keyboard Input On Slates

    • Allow Enhanced PINs For Startup

    • Configure Minimum PIN Length For Startup

    • Configure Use Of Hardware-Based Encryption For Operating System Drives

    • Enforce Drive Encryption Type On Operating System Drives

    • Configure Use Of Passwords For Operating System Drives

    • Choose How BitLocker-Protected Operating System Drives Can Be Recovered

    • Configure TPM Platform Validation Profile For BIOS-Based Firmware Configuration

    • Configure TPM Platform Validation Profile (Windows Vista, Windows Server 2008, Windows 7, And Windows Server 2008 R2)

    • Configure TPM Platform Validation Profile For Native Unified Extensible Firmware Interface (UEFI) Firmware Configurations

    • Reset Platform Validation Data After BitLocker Recovery

    • Use Enhanced Boot Configuration Data Validation Profile

    • Store BitLocker Recovery Information In Active Directory Domain Services (AD DS) (Windows Server 2008 And Windows Vista)

    • Choose Default Folder For Recovery Password

    • Choose How Often Users Can Recover BitLocker-Protected Drives (Windows Server 2008 And Windows Vista)

    • Choose Drive Encryption Method And Cipher Strength

    • Choose Drive Encryption Method And Cipher Strength (Windows Vista, Windows Server 2008, Windows Server 2008 R2, And Windows 7)

    • Provide The Unique Identifiers For Your Organization

    • Prevent Memory Overwrite On Restart

    • Validate Smart Card Certificate Usage Rule Compliance

Figure 1 displays the Local Group Policy Editor with the BitLocker policy objects displayed.

Figure 1. BitLocker configured by using policy settings to centralize management of the feature

To configure the local policy settings, complete the following steps:

  1. Launch the Local Group Policy Editor by searching for gpedit.msc on the Start screen or typing gpedit.msc in the Run dialog box (Windows logo key+R).

  2. Expand the Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption path.

  3. Select the policy object you want to work with.

  4. Select Enabled.

  5. Review the explanation provided with the object and configure available options as needed.

  6. Tap or click OK to save the changes.
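
To confirm that the settings chosen in these steps actually took effect, the following PowerShell check reads the effective BitLocker policy values from the registry and shows the protection state of the system drive. It is an added example, not part of the original article. It assumes an elevated PowerShell 3.0 or later prompt with the BitLocker module available; the function name is hypothetical, and the registry value names are the ones the BitLocker administrative template writes under the FVE policy key.

```powershell
# Added example: report which BitLocker policies from the list above are in effect.
# Run from an elevated prompt after "gpupdate /force" so the registry is current.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Policy display name -> registry value written by the administrative template.
$policyMap = [ordered]@{
    'Require Additional Authentication At Startup'                    = 'UseAdvancedStartup'
    'Configure Minimum PIN Length For Startup'                        = 'MinimumPIN'
    'Allow Enhanced PINs For Startup'                                 = 'UseEnhancedPin'
    'Disallow Standard Users From Changing The PIN Or Password'       = 'DisallowStandardUserPINReset'
    'Deny Write Access To Fixed Drives Not Protected By BitLocker'    = 'FDVDenyWriteAccess'
    'Choose How BitLocker-Protected Operating System Drives Can Be Recovered' = 'OSRecovery'
}

# Hypothetical helper: one row per policy, with the raw value if it is set.
function Get-BitLockerPolicyReport {
    param(
        [string]$Key = $fveKey,
        [System.Collections.IDictionary]$Map = $policyMap
    )
    # The key is absent when no BitLocker policy has ever been configured.
    $values = if (Test-Path $Key) { Get-ItemProperty -Path $Key } else { $null }
    foreach ($name in $Map.Keys) {
        $valueName = $Map[$name]
        $prop = if ($values) { $values.PSObject.Properties[$valueName] } else { $null }
        [pscustomobject]@{
            Policy        = $name
            RegistryValue = $valueName
            State         = if ($prop) { 'Set by policy' } else { 'Not configured' }
            Data          = if ($prop) { $prop.Value } else { $null }
        }
    }
}

Get-BitLockerPolicyReport | Format-Table -AutoSize -Wrap

# Policy only states intent; also check that the OS volume is really protected.
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod,
        @{ Name = 'Protectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

Because local and domain policy are merged into the same registry key, the values shown are the effective ones: on a domain-joined computer a conflicting Active Directory setting appears here in place of the local setting.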
