Pre-boot authentication settings
The options on this tab are only available if you have selected BitLocker pre-boot authenticationas the authentication type.
In this case, none of the other tabs will be active because these options only apply to DriveLock pre-boot authentication.
You can select several different options here:
-
You specify a BitLocker password and select none of the other options in the in the top part of the dialog:
-
The encryption process starts when you activate it and/or assign the policy. The user of the client computer is allowed to change the password later or continues to use the password you specified.
Please note that you are responsible for communicating the password to the users over a secure channel.
-
-
You check the User cannot change password box:
- Please specify a fixed password which the user can never change. The initial encryption process starts automatically even without the user being logged on to the client computer, after you activate it and/or assign the policy.
-
As soon as the user starts the computer, the BitLocker password must be entered to unlock the encrypted hard disks.
Please provide users with the appropriate password information over a secure channel.
- The password is entered independently of the encryption progress, i.e. the BitLocker password must be entered as soon as the encryption has started.
-
You check the User must change password option (see figure):
- The user can specify a password, you do not enter a password here.
- If required, you can define the requirements the user password must meet.
- The encryption process starts as soon as the user specifies the password.
- The password may be changed later.
The Allow numbers and Latin based characters option restricts the usage of allowed characters. Special characters can no longer be used with this setting. Please note the information in the BitLocker pre-boot authentication chapter.
Check the Password must meet complexity requirements box to set the criteria you want the user password to meet:
- The password may be between 8 and 20 characters long. A number below 8 or higher than 20 leads to an error message.
- Define the minimum requirements (number of letters, number, special characters etc.).
- If you select the Treat numbers as special characters option, numbers count as numbers and also as special characters. Please make sure that the numbers and special characters correspond.
If you want to set individual passwords for individual client computers, you can do so in the DriveLock Control Center. Here you can also monitor the encryption progress. Please refer to BitLocker Management in the DriveLock Control Center (DCC) for more information.