The type of BitLocker installation to be performed. Protect the target computer using one of the following methods:
· A TPM microcontroller
· A TPM and an external startup key (using a key that is typically stored on a USB flash drive [UFD])
· A TPM and PIN
· An external startup key
Property configured by |
|
|
Property applies to |
|
BootStrap.ini |
|
|
LTI |
˜ |
CustomSettings.ini |
˜ |
|
|
|
MDT DB |
˜ |
|
ZTI |
|
Value |
Description |
TPM |
Protect the computer with TPM only. The TPM is a microcontroller that stores keys, passwords, and digital certificates. The microcontroller is typically an integral part of the computer motherboard. |
TPMKey |
Protect the computer with TPM and a startup key. Use this option to create a startup key and to save it on a UFD. The startup key must be present in the port each time the computer starts. |
TPMPin |
Protect the computer with TPM and a pin. Use this option in conjunction with the BDEPin property. |
Key |
Protect the computer with an external key (the recovery key) that can be stored in a folder, in AD DS, or printed. |
Example |
[Settings] Priority=Default
[Default] BDEInstallSuppress=NO BDEDriveLetter=S: BDEDriveSize=2000 BDEInstall=TPMKey BDERecoveryKey=AD BDEKeyLocation=C: |
Related Topics