Reference Guide
Security Management Server - AdminHelp v9.8
129
Allow BitLocker Encryption
Without a Compatible TPM
Selected
Selected
Not Selected
Selected allows a computer
without a compatible TPM to use
BitLocker encryption. In this
mode, a USB drive i
s required for
startup. When the key is
inserted, access to the drive is
authenticated and the drive is
accessible. If the USB key is lost
or unavailable, the computer will
require BitLocker recovery for
access.
To use this policy, Require
Additional Authe
ntication at
System Startup must be set to
Selected.
Configure TPM Startup Allow
Do Not Allow
Require
Allow
On computers with a compatible
TPM, three types of
authentication are supported.
Only one of the following can be
required or allowed:
Configure TP
M Startup PIN
Configure TPM Startup Key
Configure TPM Startup Key and
PIN
To use this policy, Require
Additional Authentication at
System Startup must be set to
Selected.
Configure TPM Startup PIN Allow
Do Not Allow
Require
Allow
To use this policy, Requi
re
Additional Authentication at
System Startup must be set to
Selected.
This type of authentication
involves the entry of a 4
-digit
to
20-
digit personal identification
number (PIN).
Configure TPM Startup Key Do Not Allow
Do Not Allow
Require
Allow
To use
this policy, Require
Additional Authentication at
System Startup must be set to
Selected.
This type of authentication
involves insertion of a USB drive
containing the startup key.
Configure TPM Startup Key and
PIN
Do Not Allow
Do Not Allow
Require
Allow
T
o use this policy, Require
Additional Authentication at
System Startup must be set to
Selected.
This type of authentication
involves a 4
-digit to 20-digit
personal identification number