Microsoft Windows Common Criteria Evaluation Microsoft Windows 10




    Date: 04.01.2022

    IT Administrator Guidance


    If volume encryption is enabled on the TOE, then the MDM solution can configure AES-256 as the default encryption to be used when a device is BitLockered. See the MDM solution documentation for detailed configuration actions.
    Windows 10

    Local Administrator Guidance


    The following TechNet topic describes the manage-bde command, which should be executed in a command shell while running as an administrator to configure DAR (data-at-rest) protection:

    • Manage-bde: http://technet.microsoft.com/en-us/library/ff829849(v=ws.10).aspx

    By default, AES128 encryption is used by the manage-bde command when enabling BitLocker for Windows 10 (Anniversary Update); the AES256 algorithm should be used instead. In addition, the TPM and PIN authorization factor must be used in the evaluated configuration. The Enhanced PIN capabilities must be used in the evaluated configuration.

    To enable the TPM and Enhanced PIN authorization factors, execute the following command:

    • manage-bde -on <drive letter>: -tpmandpin -encryptionMethod aes256

    A USB keyboard is necessary to enter the Enhanced PIN to unlock the drive at boot on some devices.

    The following is a link to BitLocker Policy settings:

    • https://technet.microsoft.com/en-us/library/jj679890.aspx

    Administrators must create an Enhanced PIN value with a minimum of four and a maximum of 20 numeric characters; the PIN can also include uppercase and lowercase English letters, symbols on an EN-US keyboard, numbers, and spaces. To enable the Enhanced PIN capabilities, start the gpedit.msc MMC snap-in as an administrator and enable the following local or group policy:

    Other BitLocker policies that must be enabled to use the TPM and Enhanced PIN authenticator are:

    • Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Enable use of BitLocker authentication requiring preboot keyboard input on slates

    • Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup
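    After applying the command and policies above, an administrator can confirm the result on the device. The following PowerShell script is an added example, not part of the evaluated guidance: it checks the OS volume for AES-256, a TPM and PIN protector and active protection, then checks the policy values. The registry value names under the FVE policy key are an assumption of this example; the guidance gives only the Group Policy display paths.

```powershell
# Added example (not from the guidance document). Run in an elevated session.
param([string]$MountPoint = $env:SystemDrive)

$findings = @()
$vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

# The guidance requires AES-256 instead of the AES-128 default.
if ("$($vol.EncryptionMethod)" -ne 'Aes256') {
    $findings += "Encryption method is '$($vol.EncryptionMethod)', expected Aes256"
}

# The guidance requires the TPM and PIN authorization factor.
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
if ($types -notcontains 'TpmPin') {
    $findings += "No TpmPin key protector (found: $($types -join ', '))"
}

# An encrypted volume with protection suspended is still unprotected at rest.
if ("$($vol.ProtectionStatus)" -ne 'On') {
    $findings += "Protection status is '$($vol.ProtectionStatus)', expected On"
}

# Policy values written by the BitLocker Group Policy settings.
# Assumption: these value names map to the policies as labelled below.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$required = [ordered]@{
    UseAdvancedStartup                     = 'Require additional authentication at startup'
    OSEnablePrebootInputProtectorsOnSlates = 'Enable use of BitLocker authentication requiring preboot keyboard input on slates'
    UseEnhancedPin                         = 'Enhanced PIN policy'
}
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
foreach ($name in $required.Keys) {
    # A missing key or value means the policy is "Not configured".
    if ($null -eq $policy -or $policy.$name -ne 1) {
        $findings += "Policy not enabled: $($required[$name]) ($name)"
    }
}

if ($findings.Count -eq 0) {
    "$MountPoint matches the BitLocker settings checked by this script."
} else {
    $findings
    exit 1
}
```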

