This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the ...

Windows 10

This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

If you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive.

If you disable or do not configure this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23, The default platform validation profile secures the encryption key against changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Access Control (PCR 11). The descriptions of PCR settings for computers that use an Extensible Firmware Interface (EFI) are different than the PCR settings described for computers that use a standard BIOS.

Warning: Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.

This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer. File ... This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header. If you enable this ... This policy setting allows you to configure how new tabs are created by default in Internet Explorer. If you enable this ... This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain ... This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the ... This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the ... This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the ... This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications. ... This policy setting allows you to configure Information Protection Control (IPC). If you enable this setting, IPC will be ...