BitLocker To Go policy configuration

Before DriveLock can encrypt an unencrypted USB storage device with BitLocker To Go, you need to configure a policy with the appropriate BitLocker To Go settings.

Specify the following:

1. General Settings

2. Setting: Encrypted drive recovery

   • Encryption recovery rule (certificate-based recovery)
   • Administrative password rule
3. Setting: Enforce encryption

A sample configuration explains all necessary steps.

Once you have completed, saved, and assigned the configuration to the DriveLock agents, a new DriveLock BitLocker To Go entry appears on the user's Start menu with submenus for restoring, encrypting, connecting, and changing the password of each USB storage device.

The next time a user connects a USB storage device to the DriveLock Agent, an unencrypted drive is immediately encrypted. DriveLock walks users through the encryption process. USB storage devices that have been encrypted before will be recognized in the corporate network, won't be re-encrypted and can be used immediately.

Please note that all passwords (user or administrator) should follow the complexity rules (8 characters, upper case, lower case, number, special characters - e.g. DriveLock1$)