Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
AL-ADM-WIN-C-Bitlocker Encryption Settigns Legacy
Data collected on: 2-9-2025 09:44:52
General
Details
Domainemea.tpg.ads
OwnerEMEA\likaj.7-adm
Created17-4-2020 12:33:04
Modified25-10-2023 15:25:28
User Revisions11 (AD), 11 (SYSVOL)
Computer Revisions56 (AD), 56 (SYSVOL)
Unique ID{c02ccb5e-d09d-43a4-adbe-4c2187bf848c}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/AL/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\ALTIR-L-SEC-Computer Configuration Bitlocker Legacy
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\AL-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\ALTIR-L-SEC-Computer Configuration Bitlocker LegacyRead (from Security Filtering)No
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\likaj.7-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
System/Trusted Platform Module Services
PolicySettingComment
Configure the level of TPM owner authorization information available to the operating systemEnabled
Operating system managed TPM authentication level:Full
PolicySettingComment
Configure the system to clear the TPM if it is not in a ready state.Enabled
Windows Components/BitLocker Drive Encryption
PolicySettingComment
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)Enabled
Select the encryption method for operating system drives:XTS-AES 256-bit
Select the encryption method for fixed data drives:XTS-AES 256-bit
Select the encryption method for removable data drives:XTS-AES 256-bit
PolicySettingComment
Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])Enabled
Select the encryption method:AES 256-bit
PolicySettingComment
Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)Enabled
Select the encryption method:AES 256-bit
PolicySettingComment
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)Enabled
Important: To prevent data loss, you must have a way to recover BitLocker encryption keys. If you do not allow both recovery options below, you must enable backup of BitLocker recovery information to AD DS. Otherwise, a policy error occurs.
Configure 48-digit recovery password:Require recovery password (default)
Configure 256-bit recovery key:Require recovery key (default)
Note: If you do not allow the recovery password and require the recovery key, users cannot turn on BitLocker without saving to USB.
PolicySettingComment
Provide the unique identifiers for your organizationEnabled
BitLocker identification field:Teleperformance-TPM-Security WAHA
Allowed BitLocker identification field:Teleperformance-TPM-Security WAHA
PolicySettingComment
Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)Enabled
Require BitLocker backup to AD DSEnabled
If selected, cannot turn on BitLocker if backup fails (recommended default).
If not selected, can turn on BitLocker even if backup fails. Backup is not automatically retried.
Select BitLocker recovery information to store:Recovery passwords and key packages
A recovery password is a 48-digit number that unlocks access to a BitLocker-protected drive.
A key package contains a drive's BitLocker encryption key secured by one or more recovery passwords
Key packages may help perform specialized recovery when the disk is damaged or corrupted.
Windows Components/BitLocker Drive Encryption/Fixed Data Drives
PolicySettingComment
Choose how BitLocker-protected fixed drives can be recoveredEnabled
Allow data recovery agentEnabled
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizardDisabled
Save BitLocker recovery information to AD DS for fixed data drivesEnabled
Configure storage of BitLocker recovery information to AD DS:Backup recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for fixed data drivesEnabled
Windows Components/BitLocker Drive Encryption/Operating System Drives
PolicySettingComment
Choose how BitLocker-protected operating system drives can be recoveredEnabled
Allow data recovery agentEnabled
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizardDisabled
Save BitLocker recovery information to AD DS for operating system drivesEnabled
Configure storage of BitLocker recovery information to AD DS:Store recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for operating system drivesEnabled
PolicySettingComment
Enforce drive encryption type on operating system drivesEnabled
Select the encryption type:Used Space Only encryption
PolicySettingComment
Require additional authentication at startupEnabled
Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)Enabled
Settings for computers with a TPM:
Configure TPM startup:Allow TPM
Configure TPM startup PIN:Allow startup PIN with TPM
Configure TPM startup key:Allow startup key with TPM
Configure TPM startup key and PIN:Allow startup key and PIN with TPM
Preferences
Control Panel Settings
Services
Service (Name: ShellHWDetection)
ShellHWDetection (Order: 1)
General
Service nameShellHWDetection
ActionStart service
Startup type:Automatic
Wait timeout if service is locked:30 seconds
Service Account
Log on service as:No change
Recovery
First failure:Restart the service
Second failure:Restart the service
Subsequent failures:No change
Reset fail count after:0 days
Restart service after:1 minute
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.