From 9de5998b58c2e44a04750936055ab6f03f4fbeca Mon Sep 17 00:00:00 2001 From: Tommy Date: Sat, 30 Dec 2023 19:19:05 -0700 Subject: [PATCH] Reorganization Signed-off-by: Tommy --- Group Policies Objects/Bitlocker.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Group Policies Objects/Bitlocker.md b/Group Policies Objects/Bitlocker.md index 0251675..1693d4f 100644 --- a/Group Policies Objects/Bitlocker.md +++ b/Group Policies Objects/Bitlocker.md @@ -12,7 +12,6 @@ Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit f - Disallow standard users from changing the PIN or password -> Enabled - Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**) +- Require additional authentication at startup (Windows Server 2008 and Windows Vista) -> Enabled -> Uncheck "Allow Bitlocker without a compatible TPM". Not necessary because you shouldn't be running these versions anyways, but just in case you do have them. - Allow enhanced PINs for startup -> Enabled. -- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11 - -- Require additional authentication at startup (Windows Server 2008 and Windows Vista) -> Enabled -> Uncheck "Allow Bitlocker without a compatible TPM". Not necessary because you shouldn't be running these versions anyways, but just in case you do have them. \ No newline at end of file +- Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11 \ No newline at end of file