The type of BitLocker installation to be performed. Protect the target computer using one of the following methods:

·     A TPM microcontroller

·     A TPM and an external startup key (using a key that is typically stored on a UFD)

·     A TPM and PIN

·     An external startup key

 

Property configured by

 

 

Property applies to

 

BootStrap.ini

 

 

LTI

˜

CustomSettings.ini

˜

 

 

 

MDT DB

˜

 

ZTI

˜

 

Value

Description

TPM

Protect the computer with TPM only. The TPM is a microcontroller that stores keys, passwords, and digital certificates. The microcontroller is typically an integral part of the computer motherboard.

TPMKey

Protect the computer with TPM and a startup key. Use this option to create a startup key and to save it on a UFD. The startup key must be present in the port each time the computer starts.

TPMPin

Protect the computer with TPM and a pin. Use this option in conjunction with the BDEPin property.

Note   This value is not valid when using ZTI 2012 or Configuration Manager 2007 R3.

Key

Protect the computer with an external key (the recovery key) that can be stored in a folder, in AD DS, or printed.

 

Example

[Settings]

Priority=Default

 

[Default]

BDEInstallSuppress=NO

BDEDriveLetter=S:

BDEDriveSize=2000

OSDBitLockerMode=TPM

OSDBitLockerCreateRecoveryPassword=AD

 

Related Topics

Property Definition