1.2.4.2.2.29 Configure 'Allow network unlock at startup'

Information

This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area
Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to
automatically unlock the operating system drive when the computer is started.

Solution

Configure this setting in a manner that is consistent with security and operational requirements of your organization.

See Also

https://workbench.cisecurity.org/files/17

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-28(1), CSCv6|13.2

Plugin: Windows

Control ID: a3e4d8c295a8ed68d8642102a96109b0faba244ff9eaf07a1c0ac7c5a3bbcbb4