Tomster/Windows-Setup
1
0
Fork 0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-09-16 08:24:51 -04:00
Code

Mention the disable new DMA devices policy

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-11-14 14:18:42 -07:00
parent fb28b39fda
commit 1863c622cd
No known key found for this signature in database
GPG Key ID: D30DEC268D3FEB17
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Group Policies/Computer Configuration/Windows Components/Bitlocker Drive Encryption.md
View File

@ -4,7 +4,9 @@
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) -> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives.
**The disable new DMA devices when computer is locked should only be enabled if your computer does not support kernel DMA protection.**
## Operating System Drives
- Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
- Allow enhanced PINs for startup -> Enabled.
- Allow enhanced PINs for startup -> Enabled.