The type of BitLocker installation to be performed. Protect the target computer using one of the following methods:

·     A TPM microcontroller

·     A TPM and an external startup key (using a key that is typically stored on a USB flash drive [UFD])

·     A TPM and PIN

·     An external startup key

 

Property configured by

 

 

Property applies to

 

BootStrap.ini

 

 

LTI

˜

CustomSettings.ini

˜

 

 

 

MDT DB

˜

 

ZTI

 

 

Value

Description

TPM

Protect the computer with TPM only. The TPM is a microcontroller that stores keys, passwords, and digital certificates. The microcontroller is typically an integral part of the computer motherboard.

TPMKey

Protect the computer with TPM and a startup key. Use this option to create a startup key and to save it on a UFD. The startup key must be present in the port each time the computer starts.

TPMPin

Protect the computer with TPM and a pin. Use this option in conjunction with the BDEPin property.

Key

Protect the computer with an external key (the recovery key) that can be stored in a folder, in AD DS, or printed.

 

Example

[Settings]

Priority=Default

 

[Default]

BDEInstallSuppress=NO

BDEDriveLetter=S:

BDEDriveSize=2000

BDEInstall=TPMKey

BDERecoveryKey=AD

BDEKeyLocation=C:

 

Related Topics

Property Definition