Toggle navigation
Group Policy Home
HKEY_LOCAL_MACHINE
(current)
Software
(current)
Policies
(current)
Microsoft
(current)
Search
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation
Configure use of hardware-based encryption for removable data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVHardwareEncryption
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVAllowSoftwareEncryptionFailover
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRestrictHardwareEncryptionAlgorithms
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVAllowedHardwareEncryptionAlgorithms
Enforce drive encryption type on removable data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVEncryptionType
Configure use of smart cards on removable data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVAllowUserCert
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVEnforceUserCert
Allow access to BitLocker-protected removable data drives from earlier versions of Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVDiscoveryVolumeType
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVNoBitLockerToGoReader
Deny write access to removable drives not protected by BitLocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVDenyCrossOrg
Configure use of passwords for removable data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVPassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVEnforcePassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVPassphraseComplexity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVPassphraseLength
Control use of BitLocker on removable drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVConfigureBDE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVAllowBDE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVDisableBDE
Choose how BitLocker-protected removable drives can be recovered
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRecoveryPassword
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRecoveryKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVManageDRA
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVHideRecoveryPage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRequireActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVActiveDirectoryInfoToStore
Configure use of hardware-based encryption for fixed data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVHardwareEncryption
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVAllowSoftwareEncryptionFailover
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVRestrictHardwareEncryptionAlgorithms
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVAllowedHardwareEncryptionAlgorithms
Enforce drive encryption type on fixed data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVEncryptionType
Configure use of smart cards on fixed data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVAllowUserCert
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVEnforceUserCert
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVDiscoveryVolumeType
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVNoBitLockerToGoReader
Configure use of passwords for fixed data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVPassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVEnforcePassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVPassphraseComplexity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVPassphraseLength
Choose how BitLocker-protected fixed drives can be recovered
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVRecoveryPassword
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVRecoveryKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVManageDRA
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVHideRecoveryPage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVRequireActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVActiveDirectoryInfoToStore
Allow Secure Boot for integrity validation
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSAllowSecureBootForIntegrity
Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSEnablePreBootPinExceptionOnDECapableDevice
Enable use of BitLocker authentication requiring preboot keyboard input on slates
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSEnablePrebootInputProtectorsOnSlates
Configure use of hardware-based encryption for operating system drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSHardwareEncryption
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSAllowSoftwareEncryptionFailover
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSRestrictHardwareEncryptionAlgorithms
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSAllowedHardwareEncryptionAlgorithms
Configure minimum PIN length for startup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
MinimumPIN
Allow network unlock at startup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSManageNKP
Require additional authentication at startup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseAdvancedStartup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EnableBDEWithNoTPM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPMKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPMPIN
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPMKeyPIN
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPM
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EnableNonTPM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UsePartialEncryptionKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UsePIN
Enforce drive encryption type on operating system drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSEncryptionType
Choose how BitLocker-protected operating system drives can be recovered
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSManageDRA
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSRecoveryPassword
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSRecoveryKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSHideRecoveryPage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSRequireActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSActiveDirectoryInfoToStore
Use enhanced Boot Configuration Data validation profile
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSUseEnhancedBcdProfile
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSBcdAdditionalSecurityCriticalSettings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSBcdAdditionalExcludedSettings
Validate smart card certificate usage rule compliance
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
CertificateOID
Provide the unique identifiers for your organization
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
IdentificationField
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
IdentificationFieldString
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
SecondaryIdentificationField
Disallow standard users from changing the PIN or password
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
DisallowStandardUserPINReset
Reset platform validation data after BitLocker recovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
TPMAutoReseal
Configure use of passwords for operating system drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphraseComplexity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphraseLength
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphraseASCIIOnly
Allow enhanced PINs for startup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseEnhancedPin
Configure pre-boot recovery message and URL
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RecoveryKeyMessageSource
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RecoveryKeyMessage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RecoveryKeyUrl
Disable new DMA devices when this computer is locked
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
DisableExternalDMAUnderLock
Prevent memory overwrite on restart
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
MorBehavior
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethodWithXtsOs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethodWithXtsFdv
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethodWithXtsRdv
Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethodNoDiffuser
Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethod
Choose default folder for recovery password
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
DefaultRecoveryFolderPath
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseRecoveryPassword
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseRecoveryDrive
Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
ActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RequireActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
ActiveDirectoryInfoToStore
Use enhanced Boot Configuration Data validation profile
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSUseEnhancedBcdProfile
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSBcdAdditionalSecurityCriticalSettings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSBcdAdditionalExcludedSettings
Reset platform validation data after BitLocker recovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
TPMAutoReseal
Configure use of passwords for operating system drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphraseComplexity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphraseLength
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSPassphraseASCIIOnly
Allow enhanced PINs for startup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseEnhancedPin
Operating system drive encryption settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EnableBDEWithNoTPM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
DisallowStandardUserPINReset
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UsePartialEncryptionKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UsePIN
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseAdvancedStartup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPMKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPMPIN
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
UseTPMKeyPIN
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
MinimumPIN
Choose how BitLocker-protected removable drives can be recovered
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVManageDRA
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRecoveryPassword
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRecoveryKey
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVHideRecoveryPage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVActiveDirectoryInfoToStore
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVRequireActiveDirectoryBackup
Configure use of passwords for removable data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVPassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVEnforcePassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVPassphraseComplexity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVPassphraseLength
Allow access to BitLocker-protected removable data drives from earlier versions of Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVDiscoveryVolumeType
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVNoBitLockerToGoReader
Deny write access to removable drives not protected by BitLocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVDenyCrossOrg
Control use of BitLocker on removable drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVConfigureBDE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVAllowBDE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RDVDisableBDE
Choose how BitLocker-protected fixed drives can be recovered
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVManageDRA
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVHideRecoveryPage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVActiveDirectoryInfoToStore
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVRequireActiveDirectoryBackup
Configure use of passwords for fixed data drives
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVPassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVEnforcePassphrase
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVPassphraseComplexity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVPassphraseLength
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVDiscoveryVolumeType
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
FDVNoBitLockerToGoReader
Configure pre-boot recovery message and URL
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RecoveryKeyMessageSource
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RecoveryKeyMessage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
RecoveryKeyUrl
Choose how BitLocker-protected operating system drives can be recovered
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSManageDRA
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSHideRecoveryPage
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSActiveDirectoryBackup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSActiveDirectoryInfoToStore
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
OSRequireActiveDirectoryBackup
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethodWithXtsOs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethodWithXtsFdv
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethodWithXtsRdv
Choose drive encryption method and cipher strength.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
EncryptionMethod
Provide the unique identifiers for your organization
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
IdentificationField
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
IdentificationFieldString
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
SecondaryIdentificationField
Validate smart card certificate usage rule compliance
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
CertificateOID
Prevent memory overwrite on restart
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE\
MorBehavior
×
Search in Group Policy Administrative Templates