SafeGuard 6.10 / BitLocker

Hi All,

I'm testing out SafeGuard 6.10 with the native encryption in Windows 7/8.

I do not like the fact you need a PIN. Is there a way around this? I'm using UEFI Hybrid (with CSM) setting in the BIOS.

Second, I am not able to find how/where SafeGuard stores the recovery key. Are the only options to store on the network or a USB stick?

Thanks!

  • Hi,

    You can choose the different startup protectors in a SafeGuard Enterprise Authentication -> "Bit Locker options" policy. The following options are available:

    ■ TPM: The key for logon is stored on the TPM chip.

    ■ TPM + PIN: The key for logon is stored on the TPM chip and a PIN is also required for logon. Settings for the PIN are given under PIN and password.

    ■ USB Memory Stick: The key for logon is stored on a USB stick.

    ■ TPM + USB Memory Stick: The key for logon is stored on the TPM chip and on a USB stick. Logon can either be with the TPM chip or USB stick.

    Note: To be able to use TPM + PIN, TPM + USB Memory Stick or USB Memory Stick, enable the Group Policy "Require additional authentication at startup" either in Active Directory or on computers locally. In the Local Group Policy Editor (gpedit.msc) the Group Policy can be found here: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drive.

    For USB Memory Stick, additionally activate "Allow BitLocker without a compatible TPM" within the Group Policy.

    If you don't want to use a PIN, just reconfigure the policy from TPM+PIN to TPM only.

    When using SafeGuard Enterprise, the BitLocker Recovery Key is stored in the SafeGuard Enterprise Database and can be accessed by a Security Officer using the SafeGuard Enterprise Management Center | Recovery ... function.

    Regards,

    ChrisD
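A check for the settings described in the reply above, as an added example that is not part of the original post and not Sophos code: it reports which startup protector the OS volume actually uses and whether the two Group Policy settings named in the reply are enabled. It assumes the client uses native BitLocker protectors, an elevated prompt, and Windows 8 or later (`Get-BitLockerVolume` is not available on Windows 7); the function name `Get-FvePolicyValue` is hypothetical.

```powershell
# Added example: compare the OS volume's startup protector with local BitLocker policy.
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.
$fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # where BitLocker Group Policy lands

function Get-FvePolicyValue {
    param([string]$Name)
    # Returns $null when the policy value is not configured on this machine.
    $item = Get-ItemProperty -Path $fvePolicy -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# "Require additional authentication at startup"
$requireAdditionalAuth = (Get-FvePolicyValue 'UseAdvancedStartup') -eq 1
# "Allow BitLocker without a compatible TPM"
$allowWithoutTpm       = (Get-FvePolicyValue 'EnableBDEWithNoTPM') -eq 1

$volume     = Get-BitLockerVolume -MountPoint $env:SystemDrive
$protectors = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# Map protector types to the option names used in the policy, strongest match first.
$modes = [ordered]@{
    TpmPinStartupKey = 'TPM + PIN + USB Memory Stick'
    TpmPin           = 'TPM + PIN'
    TpmStartupKey    = 'TPM + USB Memory Stick'
    Tpm              = 'TPM'
    ExternalKey      = 'USB Memory Stick'
}
$mode = 'None'
foreach ($type in $modes.Keys) {
    if ($protectors -contains $type) { $mode = $modes[$type]; break }
}

$findings = @()
if ($mode -notin 'TPM', 'None' -and -not $requireAdditionalAuth) {
    $findings += "'$mode' in use, but 'Require additional authentication at startup' is not enabled"
}
if ($mode -eq 'USB Memory Stick' -and -not $allowWithoutTpm) {
    $findings += "USB-only startup in use, but 'Allow BitLocker without a compatible TPM' is not enabled"
}

[pscustomobject]@{
    MountPoint            = $volume.MountPoint
    ProtectionStatus      = $volume.ProtectionStatus
    StartupMode           = $mode
    Protectors            = $protectors -join ', '
    RequireAdditionalAuth = $requireAdditionalAuth
    AllowWithoutTpm       = $allowWithoutTpm
    Findings              = $findings -join '; '
}
```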
