Prevent installation of devices using drivers that match these device setup classes > Prevent installation of devices using drivers that match these device setup classes:Ĭomputer Configuration > System > Power Management > Sleep SettingsĪllow standby states (S1-S3) when sleeping (on battery) HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions Prevent installation of devices that match any of these Device IDs > Prevent installation of devices that match any of these Device IDs: Policy PathĬomputer Configuration > System > Device Installation > Device Installation Restrictions View the policies as a CSV which is easier to read than the table below and is also searchable. PIN settings are only required when a startup PIN is desired.Allow Secure Boot for integrity validation policy under Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives can be set to Enabled or Not Configured.
This policy has known issues that may lead to certain built-in devices (network, audio, etc) not working, or a slow system boot, in Windows 10 1709.
BitLocker is not used for Data Loss Prevention in DoD.
Group Policy and Microsoft SCCM 1910 CB can be used for provisioning BitLocker on domain joined systems. This repository hosts Group Policy Objects, compliance checks, and configuration tools in support of implementing BitLocker.Ī BitLocker PowerShell module has been provided to aid in provisioning BitLocker on standalone systems. The Windows 10 BitLocker modules have been validated against NIST FIPS 140-2 program multiple times: BitLocker is also included in the Windows Server releases of Windows since Window Server 2008.
BitLocker is available in the Ultimate and Enterprise editions of Windows Vista and Windows 7, in the Professional and Enterprise editions of Windows 8/8.1, and in the Pro, Enterprise, and Education editions of Windows 10. BitLocker is intended to protect data on devices that have been lost or stolen.
Microsoft BitLocker is a full volume encryption feature built into Windows. BitLocker Guidance About Microsoft BitLocker