
SafeGuard - Volume Encrypting in AES128 instead of AES256

We have created a device protection policy to encrypt volumes using AES256. When the policy is applied to any device, the root volume is encrypted using the AES128 algorithm.

This is the policy definition:

This is the final result:

Any idea why?

Thanks in advance.



This thread was automatically locked due to age.
  • There's not an overriding GPO forcing the lower algorithm is there? (Assuming you're using AD of course...) And this screenshot isn't from a PC that's already been encrypted prior to the SG policy being enforced?

  • FormerMember

    Hey SuscripcionesEM,

    Michael is spot on, there's probably a GPO overriding the setting.

    Go to Start > Run > gpedit.msc to open the Local Group Policy Editor.

    Browse to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.

    Double click "Choose drive encryption method and cipher strength" and select Enabled.

    Click the drop-down box > select AES 256-bit > Click OK.

    BitLocker should now use 256-bit AES encryption when creating new volumes, but it's worth noting that this setting only applies to new volumes you enable BitLocker on.
    Any existing BitLocker volumes will continue to use 128-bit AES.
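
Both replies come down to one check: compare the cipher each volume actually uses with the method Group Policy has configured. The PowerShell below is an added example, not part of the original thread or of SafeGuard. It assumes Windows 10 version 1511 or later, an elevated session, and that policy results are read from `HKLM:\SOFTWARE\Policies\Microsoft\FVE`; it also treats every data volume as a fixed drive.

```powershell
# Added example: compare each BitLocker volume's cipher with the Group Policy setting.
# Run from an elevated PowerShell session.

# DWORD values written by "Choose drive encryption method and cipher strength".
$methodNames = @{ 3 = 'Aes128'; 4 = 'Aes256'; 6 = 'XtsAes128'; 7 = 'XtsAes256' }

# Policy value that governs each volume type (assumption: data volumes are fixed drives).
$policyValueFor = @{
    OperatingSystem = 'EncryptionMethodWithXtsOs'
    Data            = 'EncryptionMethodWithXtsFdv'
}

# This key holds the policy result after local and domain GPOs have been applied.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

$report = Get-BitLockerVolume | ForEach-Object {
    $valueName = $policyValueFor[[string]$_.VolumeType]
    $raw = if ($fve -and $valueName) { $fve.$valueName } else { $null }

    $policy = if ($null -eq $raw) { 'NotConfigured' }
              elseif ($methodNames.ContainsKey([int]$raw)) { $methodNames[[int]$raw] }
              else { "Unknown ($raw)" }

    $actual = [string]$_.EncryptionMethod

    $verdict = if ($actual -eq 'None') { 'Not encrypted yet: policy will apply' }
               elseif ($policy -eq 'NotConfigured') { 'No policy value: BitLocker default was used' }
               elseif ($actual -eq $policy) { 'Match' }
               else { 'Mismatch: encrypted before the policy, or another policy won' }

    [pscustomobject]@{
        Mount   = $_.MountPoint
        Type    = $_.VolumeType
        Actual  = $actual
        Policy  = $policy
        Verdict = $verdict
    }
}

$report | Format-Table -AutoSize
```

To see which GPO supplied the winning value, `gpresult /h report.html` lists the applied policies per setting.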