Windows Bitlocker

Introduction

With Relution, Bitlocker encryption can be configured in a policy for Windows devices.

Configuration

Three different configuration sections are available within the configuration.

OS drive
Installed hard disks
Removable hard disks

The encryption type can be configured in each case. Depending on the data carrier type, you can choose between different recovery options.

OS data carrier

Restore options before starting:
- Standard recovery message and URL before startup
- Custom recovery URL before startup
- Custom recovery message before startup

Installed hard disks

Recovery options:
- Create recovery password
- Create recovery key
- Storage of the recovery key in AD Domain Services

The recovery key is also stored in Relution in the device information (from Server 5.21).

Known Issues

Error message:
BitLocker configuration violated. Messages: - BitLocker policy requires TPM protection to protect the operating system volume, but a TPM is not used.

Solution:
In the Bitlocker configuration, enable the following:

Authentication at startup required: On
Trusted Platform Module (TPM) on incompatible devices: On
TPM start-up Required
TPM start-up PIN Blocked
TPM start-up key Blocked
TPM start-up PIN and key Blocked

Windows Bitlocker

Introduction #

Configuration #

OS data carrier #

Installed hard disks #

Known Issues #

Introduction

Configuration

OS data carrier

Installed hard disks

Known Issues