From b2e77c5331849536f4459b2430e0c222b74149d9 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Sat, 30 Dec 2023 17:03:08 -0700
Subject: [PATCH] Update comment regarding DMA protection

Signed-off-by: Tommy <contact@tommytran.io>
---
 Group Policies Objects/Bitlocker.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Group Policies Objects/Bitlocker.md b/Group Policies Objects/Bitlocker.md
index 2d6250d..74e3b16 100644
--- a/Group Policies Objects/Bitlocker.md	
+++ b/Group Policies Objects/Bitlocker.md	
@@ -2,9 +2,9 @@
 
 `Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption`
 
-Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives.
+Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives. For Windows Vista, Windows Server 2008, etc... use AES 256-bit.
 
-**The disable new DMA devices when computer is locked should only be enabled if the specific computer does not support kernel DMA protection.**
+**The disable new DMA devices when computer is locked should only be enabled if the specific computer does not support kernel DMA protection. Do not set this at the domain level.**
 
 ## Operating System Drives