part IV
this page is under construction
configuring windows
- Run Windows local group policy editor
Win+Rgpedit.mscCtrl+Shft+Ent
- Click Computer Configuration
- Click Administrative Templates
- Click Windows Components
- Click BitLocker Drive Encryption
- Under the BitLocker Drive Encryption heading, double click Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
- Select Enabled
- Under the Options heading, for Select the encryption method for operating system drives select XTS-AES 256-bit
- Under the Options heading, for Select the encryption method for fixed data drives select XTS-AES 256-bit
- Under the Options heading, for Select the encryption method for removable data drives select XTS-AES 256-bit
- Click Apply
- Click OK
- Click Fixed Data Drives
- Under the Fixed Data Drives heading, double click Configure use of hardware-based encryption for fixed data drives
- Select Enabled
- Under the Options heading, uncheck Use BitLocker sofware-based encryption when hardware encryption is not available
- Under the Options heading, uncheck Restrict encryption algorithms and cipher suites allowed for hardware-based encryption
- Click Apply
- Click OK
- Under the Fixed Data Drives heading, double click Enforce drive encryption type on fixed data drives
- Select Enabled
- Under the Options heading, for Select the encryption type select Full encryption
- Click Apply
- Click OK
- Under the Fixed Data Drives heading, double click Configure use of hardware-based encryption for fixed data drives
- Click Operating System Drives
- Under the Operating System Drives heading, double click Configure use of hardware-based encryption for operating system drives
- Select Enabled
- Under the Options heading, uncheck Use BitLocker sofware-based encryption when hardware encryption is not available
- Under the Options heading, uncheck Restrict encryption algorithms and cipher suites allowed for hardware-based encryption
- Click Apply
- Click OK
- Under the Operating System Drives heading, double click Enforce drive encryption type on operating system drives
- Select Enabled
- Under the Options heading, for Select the encryption type select Full encryption
- Click Apply
- Click OK
- Under the Operating System Drives heading, double click Configure use of hardware-based encryption for operating system drives
- Click Removable Data Drives
- Under the Removable Data Drives heading, double click Enforce drive encryption type on removable data drives
- Select Enabled
- Under the Options heading, for Select the encryption type select Full encryption
- Click Apply
- Click OK
- Under the Removable Data Drives heading, double click Enforce drive encryption type on removable data drives
- Under the BitLocker Drive Encryption heading, double click Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
- Click BitLocker Drive Encryption
- Click Windows Components
- Click Administrative Templates
- Configure BitLocker settings
- Restart system
shutdown /r