
Information:
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.

Note: Only one of the additional authentication options can be required at startup; otherwise a policy error occurs.

If you want to use BitLocker on a computer without a TPM, select the 'Allow BitLocker without a compatible TPM' check box. In this mode a USB drive is required for start-up, and the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted, access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable, you will need to use one of the BitLocker recovery options to access the drive.

On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 4-digit to 20-digit personal identification number (PIN), or both.

Users can configure advanced startup options in the BitLocker setup wizard.

Note #2: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.

The recommended state for this setting is: Enabled.

Rationale:
TPM without use of a PIN will only validate early boot components and does not require a user to enter any additional authentication information.

Impact:
A PIN requires physical presence to restart the computer. If a computer is lost or stolen in this configuration, BitLocker will not provide any additional measure of protection beyond what is provided by native Windows authentication unless the early boot components are tampered with or the encrypted drive is removed from the machine. This functionality is not compatible with Wake on LAN solutions.
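The following PowerShell audit script is an added example, not part of the benchmark text. It checks two things the setting above turns on: whether the "Require additional authentication at startup" policy is present in the local policy registry hive, and whether the operating-system volume actually carries a key protector that demands something beyond the TPM (PIN, startup key, or both), which is the condition the rationale describes. The registry path `HKLM:\SOFTWARE\Policies\Microsoft\FVE`, the value names `UseAdvancedStartup`, `EnableBDEWithNoTPM`, `UseTPMPIN`, `UseTPMKey` and `UseTPMKeyPIN`, and the 0/1/2 (do not allow / require / allow) value meanings are stated from memory of the policy's registry mapping and are assumptions to verify against your own GPO reporting; `Get-BitLockerVolume` and its `KeyProtectorType` values are from the built-in BitLocker module.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker startup authentication on the local host.
# Assumed (verify in your environment): policy registry path and value names,
# and the 0 = do not allow / 1 = require / 2 = allow encoding.

function Get-BitLockerStartupAuthPolicy {
    $path  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # assumed policy hive location
    $names = 'UseAdvancedStartup', 'EnableBDEWithNoTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    $out   = [ordered]@{}
    foreach ($n in $names) {
        # $null means the policy value is not set (setting "Not Configured")
        $out[$n] = if ($props -and $props.PSObject.Properties[$n]) { $props.$n } else { $null }
    }
    # The benchmark note: only ONE additional option may be "Require" (1),
    # otherwise BitLocker reports a policy error when enabling.
    $required = @('UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN') | Where-Object { $out[$_] -eq 1 }
    $out['PolicyEnabled']     = ($out['UseAdvancedStartup'] -eq 1)
    $out['RequiredOptions']   = @($required)
    $out['ConflictingPolicy'] = (@($required).Count -gt 1)
    [pscustomobject]$out
}

function Test-OSVolumeStartupAuth {
    # Key protector types that add authentication beyond TPM-only validation.
    $additional = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'ExternalKey'
    $os = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem'
    if (-not $os) {
        return [pscustomobject]@{ Status = 'NoOSVolume'; Protectors = @(); Finding = 'No OS volume reported' }
    }
    $types = @($os.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $status = if ($os.ProtectionStatus -ne 'On') {
        'ProtectionOff'
    } elseif ($types | Where-Object { $additional -contains $_ }) {
        'AdditionalAuthPresent'
    } elseif ($types -contains 'Tpm') {
        'TpmOnly'
    } else {
        'Unknown'
    }
    $finding = switch ($status) {
        'TpmOnly'               { 'TPM-only: early boot is validated but no user authentication is required at startup' }
        'AdditionalAuthPresent' { 'A PIN and/or startup key is required before the OS volume unlocks' }
        'ProtectionOff'         { 'BitLocker protection is not active on the OS volume' }
        default                 { 'Could not classify protectors; review manually' }
    }
    [pscustomobject]@{
        MountPoint = $os.MountPoint
        Status     = $status
        Protectors = $types
        Finding    = $finding
    }
}

# Usage: run both checks and print a compact report.
Get-BitLockerStartupAuthPolicy | Format-List
Test-OSVolumeStartupAuth       | Format-List
```

The two checks are deliberately separate: a host can have the policy set to Enabled yet still be unlocking with a TPM-only protector if BitLocker was turned on before the policy arrived, so the protector inventory is the check that reflects the rationale's concern, and the policy read is what tells you whether newly enabled volumes will be forced to do better.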
