Windows BitLocker
Introduction
With Relution, BitLocker encryption can be configured in a policy for Windows devices.
Configuration
The BitLocker configuration is divided into three sections:
- OS drive
- Installed hard disks
- Removable hard disks
The encryption type can be configured for each section. Depending on the drive type, different recovery options are available.
OS drive
- Recovery options before startup:
  - Standard recovery message and URL before startup
  - Custom recovery URL before startup
  - Custom recovery message before startup
Installed hard disks
- Recovery options:
  - Create recovery password
  - Create recovery key
  - Storage of the recovery key in AD Domain Services
The recovery key is also stored in Relution in the device information (from Server 5.21).
Known Issues
Error message:
BitLocker configuration violated. Messages: - BitLocker policy requires TPM protection to protect the operating system volume, but a TPM is not used.
Solution:
In the BitLocker configuration, set the following:
- Authentication at startup required: On
- Trusted Platform Module (TPM) on incompatible devices: On
- TPM start-up: Required
- TPM start-up PIN: Blocked
- TPM start-up key: Blocked
- TPM start-up PIN and key: Blocked
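
To check on an affected device whether the operating system volume is actually protected by the TPM, the local state can be read with the built-in Get-Tpm and Get-BitLockerVolume cmdlets. The following is an added example, not part of Relution or its documentation; the function name Test-OsVolumeTpmProtection and its output fields are hypothetical, and it must be run in an elevated PowerShell session.

```powershell
# Added diagnostic example (not Relution code). Requires an elevated session.
# Test-OsVolumeTpmProtection is a hypothetical helper name.
function Test-OsVolumeTpmProtection {
    param(
        [Parameter(Mandatory)] $Tpm,     # output of Get-Tpm
        [Parameter(Mandatory)] $Volume   # output of Get-BitLockerVolume for the OS drive
    )

    # Key protector types currently attached to the volume (empty if none yet)
    $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    # Protector types that correspond to the settings listed above as "Blocked"
    $blocked = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    $findings = @()
    if (-not $Tpm.TpmPresent) {
        $findings += 'No TPM detected on this device.'
    }
    elseif (-not $Tpm.TpmReady) {
        $findings += 'TPM is present but not ready for use.'
    }
    if ($types -notcontains 'Tpm') {
        $findings += 'OS volume has no TPM-only key protector.'
    }
    foreach ($t in $types | Where-Object { $blocked -contains $_ }) {
        $findings += "OS volume uses protector type '$t', which is set to Blocked above."
    }

    [pscustomobject]@{
        MountPoint       = $Volume.MountPoint
        VolumeStatus     = $Volume.VolumeStatus
        ProtectionStatus = $Volume.ProtectionStatus
        ProtectorTypes   = $types -join ', '
        TpmOnlyProtected = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

$osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
Test-OsVolumeTpmProtection -Tpm (Get-Tpm) -Volume $osVolume | Format-List
```

An empty Findings list means the OS volume carries a TPM-only protector and none of the blocked PIN or start-up key variants.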