1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-12-22 06:41:47 -05:00

Reorganization

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-12-30 19:19:05 -07:00
parent ffcf4a32f5
commit 9de5998b58
Signed by: Tomster
GPG Key ID: 555C902A34EC968F

View File

@ -12,7 +12,6 @@ Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit f
- Disallow standard users from changing the PIN or password -> Enabled
- Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
- Require additional authentication at startup (Windows Server 2008 and Windows Vista) -> Enabled -> Uncheck "Allow Bitlocker without a compatible TPM". Not necessary because you shouldn't be running these versions anyways, but just in case you do have them.
- Allow enhanced PINs for startup -> Enabled.
- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11
- Require additional authentication at startup (Windows Server 2008 and Windows Vista) -> Enabled -> Uncheck "Allow Bitlocker without a compatible TPM". Not necessary because you shouldn't be running these versions anyways, but just in case you do have them.
- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11