mirror of
https://github.com/TommyTran732/Windows-Setup.git
synced 2024-12-22 23:01:54 -05:00
Mention the disable new DMA devices policy
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
fb28b39fda
commit
1863c622cd
@ -4,7 +4,9 @@
|
||||
|
||||
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) -> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives.
|
||||
|
||||
**The disable new DMA devices when computer is locked should only be enabled if your computer does not support kernel DMA protection.**
|
||||
|
||||
## Operating System Drives
|
||||
|
||||
- Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
|
||||
- Allow enhanced PINs for startup -> Enabled.
|
||||
- Allow enhanced PINs for startup -> Enabled.
|
Loading…
Reference in New Issue
Block a user