From 6d9f02fff40978e14b993e0c87c2c310b9955cb3 Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 6 Nov 2023 07:11:15 -0700 Subject: [PATCH] Preboot auth Signed-off-by: Tommy --- Group Policies/Bitlocker Drive Encryption.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Group Policies/Bitlocker Drive Encryption.md b/Group Policies/Bitlocker Drive Encryption.md index fa23be0..c5b01da 100644 --- a/Group Policies/Bitlocker Drive Encryption.md +++ b/Group Policies/Bitlocker Drive Encryption.md @@ -6,4 +6,5 @@ Choose drive encryption method and cipher strength (Windows 10 [Version 1511] an ## Operating System Drives -Allow enhanced PINs for startup -> Enabled +Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**) +Allow enhanced PINs for startup -> Enabled.