Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
IT-PO-WIN-C-Bitlocker Encyption Settings
Data collected on: 2-9-2025 09:58:51
General
Details
Domainemea.tpg.ads
OwnerEMEA\padiglione.5-adm
Created25-6-2021 10:14:30
Modified9-2-2023 15:04:32
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{7ffffd4b-1bef-46ab-9d3c-bbf83fd2a34d}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ClientsYesEnabledemea.tpg.ads/IT/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\IT-L-SEC-Bitlocker Encrypted Computers
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\IT-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\IT-L-SEC-Bitlocker Encrypted ComputersRead (from Security Filtering)No
EMEA\IT-L-SEC-Delegation Full AccessEdit settings, delete, modify securityNo
EMEA\padiglione.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/BitLocker Drive Encryption
PolicySettingComment
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)Enabled
Select the encryption method for operating system drives:XTS-AES 256-bit
Select the encryption method for fixed data drives:XTS-AES 256-bit
Select the encryption method for removable data drives:XTS-AES 256-bit
PolicySettingComment
Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])Enabled
Select the encryption method:AES 256-bit
Windows Components/BitLocker Drive Encryption/Fixed Data Drives
PolicySettingComment
Allow access to BitLocker-protected fixed data drives from earlier versions of WindowsEnabled
Do not install BitLocker To Go Reader on FAT formatted fixed drivesEnabled
PolicySettingComment
Choose how BitLocker-protected fixed drives can be recoveredEnabled
Allow data recovery agentEnabled
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizardEnabled
Save BitLocker recovery information to AD DS for fixed data drivesEnabled
Configure storage of BitLocker recovery information to AD DS:Backup recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for fixed data drivesEnabled
PolicySettingComment
Configure use of hardware-based encryption for fixed data drivesEnabled
Use BitLocker software-based encryption when hardware encryption is not availableEnabled
Restrict encryption algorithms and cipher suites allowed for hardware-based encryptionDisabled
Restrict crypto algorithms or cipher suites to the following:2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42
PolicySettingComment
Enforce drive encryption type on fixed data drivesEnabled
Select the encryption type:Used Space Only encryption
Windows Components/BitLocker Drive Encryption/Operating System Drives
PolicySettingComment
Choose how BitLocker-protected operating system drives can be recoveredEnabled
Allow data recovery agentEnabled
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizardEnabled
Save BitLocker recovery information to AD DS for operating system drivesEnabled
Configure storage of BitLocker recovery information to AD DS:Store recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for operating system drivesEnabled
PolicySettingComment
Configure use of hardware-based encryption for operating system drivesEnabled
Use BitLocker software-based encryption when hardware encryption is not availableEnabled
Restrict encryption algorithms and cipher suites allowed for hardware-based encryptionDisabled
Restrict crypto algorithms or cipher suites to the following:2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42
PolicySettingComment
Enforce drive encryption type on operating system drivesEnabled
Select the encryption type:Used Space Only encryption
User Configuration (Disabled)
No settings defined.