Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

171

172

173

174

175

176

177

178

179

180

Manage Policies

162

Do Not Enable BitLocker Until Recovery Info is Stored in AD DS for Fixed

Data Drives

Allow Data

Recovery Agent for

Protected Fixed

Data Drives

Selected

Not Selected

When Selected, a data recovery agent is allowed for use with BitLocker

protected fixed data drives. Before the agent can be used, it must be

added from the Public Key Policies in either the Group Policy Management

Console or the Local Group Policy Editor.

When setting this policy to Selected, the Choose How BitLocker-protected

Fixed Drives Can be Recovered policy must also be set to Selected.

Configure User

Storage of BitLocker

48-digit Recovery

Password

Allow

Require

Do Not Allow

This policy determines if a user is allowed, required, or not allowed to

generate a 48-digit password.

When setting this policy to Allow or Require, the Choose How BitLocker-

protected Fixed Drives Can be Recovered policy must also be set to

Selected.

Configure User

Storage of BitLocker

256-bit Recovery

Key

Allow

Require

Do Not Allow

This policy determines if a user is allowed, required, or not allowed to

generate a 256-bit recovery key.

When setting this policy to Allow or Require, the Choose How BitLocker-

protected Fixed Drives Can be Recovered policy must also be set to

Selected.

Omit Recovery

Options from the

BitLocker Setup

Wizard

Not Selected

Selected

Not Selected

When Selected, users are prevented from specifying recovery options

when BitLocker is enabled. Recovery options for the drive are determined

by policy settings.

When setting this policy to Not Selected, the Choose How BitLocker-

protected Fixed Drives Can be Recovered policy must also be set to

Selected.

Save BitLocker

Recovery

Information to AD

DS for Fixed Data

Drives

Selected

Not Selected

Selected allows BitLocker recovery information to be stored in AD DS for

fixed data drives. BitLocker recovery information is always saved to the

Dell Server. Enabling this policy additionally saves the information to AD.

More...

The appropriate schema extensions and access control settings on the

domain must be first configured before AD DS backup can succeed.

When setting this policy to Selected, the Choose How BitLocker-protected

Fixed Drives Can be Recovered policy must also be set to Selected.

Set this policy to Selected to use the policy BitLocker Recovery Information

to Store in AD DS.

BitLocker Recovery

Information to

Store in AD DS

Recovery Passwords and Key Packages

Recovery Passwords Only

This policy provides the option of storing recovery passwords and key

packages, or storing the recovery password only in AD DS. The appropriate

schema extensi

ons and access control settings on the domain must be first

configured before applying this policy.

The Choose How BitLocker-

protected Fixed Drives Can be Recovered policy

must be set to Selected to use this policy.

To use this policy, Save BitLocker Recovery Information to AD DS for Fixed

Data Drives must be set to Selected.

Do Not Enable

BitLocker Until

Recovery

Information is

Not Selected

Selected

Not Selected

Although BitLocker recovery information is automatically stored in

the Dell

Server, this policy additionally requires BitLocker drive encryption recovery