Windows BitLocker

Introduction

With Relution, BitLocker drive encryption can be configured in a policy for Windows devices.

Configuration

The BitLocker configuration is split into three sections, one per drive type:

  • OS drive
  • Installed hard disks (fixed data drives)
  • Removable hard disks (removable data drives)

The encryption type can be configured for each drive type. The available recovery options depend on the drive type.

OS drive

  • Recovery options before startup (shown on the pre-boot recovery screen):
    • Standard recovery message and URL before startup
    • Custom recovery URL before startup
    • Custom recovery message before startup

Installed hard disks

  • Recovery options:
    • Create recovery password
    • Create recovery key
    • Store the recovery key in Active Directory Domain Services (AD DS)

From Relution Server 5.21 onwards, the recovery key is also stored in Relution and shown in the device information.
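The following PowerShell script is an added example, not part of the Relution documentation or product, that audits what the recovery options above produce on a device: it lists every BitLocker volume by the section it belongs to (OS drive, installed hard disk, removable hard disk), shows which key protectors exist, flags volumes that have neither a recovery password nor a recovery key, and can escrow the recovery passwords in AD DS with the built-in Backup-BitLockerKeyProtector cmdlet. It assumes an elevated PowerShell session on the Windows device itself; the function name Get-BitLockerRecoveryAudit and the -BackupToAD switch are choices made for this example.

```powershell
# Added example (not Relution's own code): audit BitLocker recovery protectors per drive type.
# Assumes an elevated PowerShell session on the Windows device; the BitLocker module ships with Windows.
# -BackupToAD calls Backup-BitLockerKeyProtector, which only succeeds on a domain-joined device
# whose AD DS schema and policy permit storing BitLocker recovery information.
function Get-BitLockerRecoveryAudit {
    [CmdletBinding()]
    param(
        [switch]$BackupToAD
    )

    foreach ($vol in Get-BitLockerVolume) {
        # Classify the volume the way the policy sections do: OS drive, installed (fixed) disk, removable disk.
        $drive = $null
        if ($vol.MountPoint -match '^([A-Za-z]):$') {
            $drive = Get-Volume -DriveLetter $Matches[1] -ErrorAction SilentlyContinue
        }
        $section = if ($vol.VolumeType -eq 'OperatingSystem') { 'OS drive' }
                   elseif ($drive.DriveType -eq 'Removable')   { 'Removable hard disk' }
                   else                                        { 'Installed hard disk' }

        # "Create recovery password" yields a RecoveryPassword protector (48-digit key),
        # "Create recovery key" yields an ExternalKey protector (.BEK file).
        $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        $extKey   = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'ExternalKey' })

        if ($BackupToAD) {
            foreach ($rp in $recovery) {
                # Escrow the numerical recovery password in the computer object's msFVE-RecoveryInformation.
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
            }
        }

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            Section           = $section
            VolumeStatus      = $vol.VolumeStatus
            ProtectionStatus  = $vol.ProtectionStatus
            Protectors        = ($vol.KeyProtector.KeyProtectorType -join ', ')
            RecoveryPasswords = $recovery.Count
            RecoveryKeys      = $extKey.Count
            Finding           = if ($recovery.Count -eq 0 -and $extKey.Count -eq 0) {
                                    'No recovery protector: data is lost if the primary protector fails'
                                } else { 'OK' }
        }
    }
}

# Report only; add -BackupToAD to escrow the recovery passwords in AD DS as well.
Get-BitLockerRecoveryAudit | Format-Table -AutoSize
```

A volume whose only protector is the TPM (no RecoveryPassword or ExternalKey entry) is the case to look for: a firmware update or motherboard swap then leaves no way to unlock the drive, which is exactly why the recovery options above should be enabled and the key escrowed in AD DS or Relution.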

[Screenshot: Recovery Key in the device information]

Known Issues

Error message:
BitLocker configuration violated. Messages: - BitLocker policy requires TPM protection to protect the operating system volume, but a TPM is not used.

Solution:
In the BitLocker configuration, set the following:

  • Authentication at startup required: On
  • Trusted Platform Module (TPM) on incompatible devices: On
  • TPM startup: Required
  • TPM startup PIN: Blocked
  • TPM startup key: Blocked
  • TPM startup PIN and key: Blocked

With TPM startup set to Required, the OS drive must be protected by a TPM protector. The device therefore needs a TPM that Windows reports as present and ready; on a device without one, the policy still cannot be satisfied.
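Before changing the policy it is worth confirming on the affected device why the OS volume is not using a TPM protector. The script below is an added example, not code from the Relution documentation or product: it reads the TPM state with Get-Tpm, checks the OS volume's key protectors with Get-BitLockerVolume, and tells apart the three situations behind the error message (no TPM, TPM not provisioned, or BitLocker enabled with a non-TPM protector). It assumes an elevated PowerShell session on the device; the function name Test-BitLockerTpmReadiness is a choice made for this example.

```powershell
# Added example (not Relution's own code): diagnose the "TPM is not used" BitLocker policy violation.
# Assumes an elevated PowerShell session on the affected Windows device.
function Test-BitLockerTpmReadiness {
    $tpm = Get-Tpm
    $os  = Get-BitLockerVolume -MountPoint $env:SystemDrive

    # Any of these protector types satisfies a "TPM startup" requirement; Password alone does not.
    $tpmProtectors = @($os.KeyProtector |
        Where-Object { $_.KeyProtectorType -in 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })

    # Confirm-SecureBootUEFI throws on legacy BIOS firmware; record $null in that case.
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $null }

    $finding = if (-not $tpm.TpmPresent) {
        'No TPM present: a policy with "TPM startup: Required" cannot be satisfied on this device'
    } elseif (-not $tpm.TpmReady) {
        'TPM present but not ready: provision it (firmware or Initialize-Tpm) before re-applying the policy'
    } elseif ($tpmProtectors.Count -eq 0) {
        'TPM ready but the OS volume has no TPM protector: BitLocker was enabled without the TPM'
    } else {
        'OK: OS volume uses a TPM-based protector'
    }

    [pscustomobject]@{
        TpmPresent        = $tpm.TpmPresent
        TpmReady          = $tpm.TpmReady
        SecureBootEnabled = $secureBoot
        OsVolumeStatus    = $os.VolumeStatus
        OsProtectors      = ($os.KeyProtector.KeyProtectorType -join ', ')
        Finding           = $finding
    }
}

Test-BitLockerTpmReadiness
```

If the output shows TpmPresent = False, the settings above will not make the error go away: the device cannot meet a TPM requirement, and the policy (or the device's assignment to it) has to be reconsidered instead.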