You administer Windows 8.1 computers in your company network. The security policies of the company require that USB storage devices are allowed only if they are protected with BitlockerTo Go.
You need to prevent users from removing Bitlocker encryption from the USB storage devices. Which configuration setting should you modify? (To answer, select the appropriate setting in the answer area.)
Hot Area:
Correct Answer:
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj679890.aspx
BitLocker Group Policy Settings
.. Control use of BitLocker on removable drives
This policy setting is used to prevent users from turning BitLocker on or off on removable data drives.
.. Configure use of smart cards on fixed data drives
This policy setting is used to require, allow, or deny the use of smart cards with fixed data drives.
.. Deny write access to removable drives not protected by BitLocker
This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access.
.. Configure use of hardware-based encryption for removable data drives
This policy controls how BitLocker reacts to encrypted drives when they are used as removable data drives. Using hardware-based encryption can improve the performance of drive operations that involve frequent reading or writing of data to the drive.
..Enforce drive encryption type on removable data drives
This policy controls whether fixed data drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user.
..Allow access to BitLocker-protected removable data drives from earlier versions of Windows
This policy setting controls access to removable data drives that are using the BitLocker To Go Reader and whether the BitLocker To Go Reader can be installed on the drive.
.. Configure use of passwords on removable data drives
This policy setting is used to require, allow, or deny the use of passwords with removable data drives.
.. Choose how BitLocker-protected removable drives can be recovered
This policy setting is used to configure recovery methods for removable data drives.
..
Further Information: