1
0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-11-09 17:51:43 -05:00
Windows-Setup/Group Policies/Computer Configuration/Bitlocker Drive Encryption.md
Tommy 6d4c6688e2
Windows spotlight
Signed-off-by: Tommy <contact@tommytran.io>
2023-11-06 07:35:55 -07:00

663 B

Bitlocker Drive Encryption

Computer Configuration\Administrative Templates\Windows Component\Bitlocker Drive Encryption

Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) -> Enable -> XTS-AES 256-bit for operating system, fixed data, and removable drives.

Operating System Drives

Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (This is especially important as we do not want the TPM to automatically release the encryption key at boot.) Allow enhanced PINs for startup -> Enabled.