Created
October 11, 2021 14:14
-
-
Save brianfgonzalez/3a013176ddf4a9d846e379b1d7ce2dc3 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-16"?> | |
| <DesiredConfigurationDigest xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/07/10/DesiredConfiguration"> | |
| <!--Authored against the following schema version: 5--> | |
| <ConfigurationPolicy AuthoringScopeId="ScopeId_7DA39272-F456-41A7-9E87-14EFC4F3D726" | |
| LogicalName="ConfigurationPolicy_01287168-7a17-494d-8009-f7cd24dd9c60" | |
| Version="5" | |
| ConfigurationFlags="8"> | |
| <Annotation xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules"> | |
| <DisplayName Text="Bitlocker Policy Test" | |
| ResourceId="ID-fcaeb424-bd4b-4e73-b309-59276f42eeb0"/> | |
| <Description Text=""/> | |
| </Annotation> | |
| <Rules> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_NoOverwritePolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: NoOverwritePolicy_Name" | |
| ResourceId="NoOverwritePolicy_Name"/> | |
| <Description Text="Prevent memory overwrite on restart" | |
| ResourceId="NoOverwritePolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_NoOverwritePolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| NoOverwritePolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="MorBehavior" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_ScCompliancePolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: ScCompliancePolicy_Name" | |
| ResourceId="ScCompliancePolicy_Name"/> | |
| <Description Text="Validate smart card certificate usage rule compliance" | |
| ResourceId="ScCompliancePolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_ScCompliancePolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| ScCompliancePolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="CertificateOID" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_UidPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: UidPolicy_Name" | |
| ResourceId="UidPolicy_Name"/> | |
| <Description Text="Provide the unique identifiers for your organization" | |
| ResourceId="UidPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_UidPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| UidPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="IdentificationField" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="IdentificationFieldString" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="SecondaryIdentificationField" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_MoreInfoUrlPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: MoreInfoUrlPolicy_Name" | |
| ResourceId="MoreInfoUrlPolicy_Name"/> | |
| <Description Text="Provide the URL for the Security Policy link" | |
| ResourceId="MoreInfoUrlPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_MoreInfoUrlPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| MoreInfoUrlPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="MoreInformationUrl" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_BLEncryptionMethodPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: BLEncryptionMethodPolicy_Name" | |
| ResourceId="BLEncryptionMethodPolicy_Name"/> | |
| <Description Text="Choose drive encryption method and cipher strength." | |
| ResourceId="BLEncryptionMethodPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_BLEncryptionMethodPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| BLEncryptionMethodPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="EncryptionMethod" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="3"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_BLEncryptionMethodWithXts" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: BLEncryptionMethodWithXts_Name" | |
| ResourceId="BLEncryptionMethodWithXts_Name"/> | |
| <Description Text="Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)" | |
| ResourceId="BLEncryptionMethodWithXts_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_BLEncryptionMethodWithXts" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| BLEncryptionMethodWithXts" | |
| class="Machine" | |
| supportedon="windows:SUPPORTED_Windows_10_0" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="EncryptionMethodWithXtsOs" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="6"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="EncryptionMethodWithXtsFdv" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="6"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="EncryptionMethodWithXtsRdv" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="3"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_PrebootRecoveryInfo" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: PrebootRecoveryInfo_Name" | |
| ResourceId="PrebootRecoveryInfo_Name"/> | |
| <Description Text="Configure pre-boot recovery message and URL" | |
| ResourceId="PrebootRecoveryInfo_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_PrebootRecoveryInfo" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| PrebootRecoveryInfo" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows_10_0_NOARM" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RecoveryKeyMessageSource" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RecoveryKeyMessage" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RecoveryKeyUrl" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_FDVDenyWriteAccessPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: FDVDenyWriteAccessPolicy_Name" | |
| ResourceId="FDVDenyWriteAccessPolicy_Name"/> | |
| <Description Text="Deny write access to fixed drives not protected by BitLocker" | |
| ResourceId="FDVDenyWriteAccessPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_FDVDenyWriteAccessPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| FDVDenyWriteAccessPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="FDVDenyWriteAccess" | |
| type="DWORD" | |
| isdeleted="true" | |
| value="" | |
| redirect="System\CurrentControlSet\Policies\Microsoft\FVE"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_FDVHybridAccessPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: FDVHybridAccessPolicy_Name" | |
| ResourceId="FDVHybridAccessPolicy_Name"/> | |
| <Description Text="Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" | |
| ResourceId="FDVHybridAccessPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_FDVHybridAccessPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| FDVHybridAccessPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="FDVDiscoveryVolumeType" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="FDVNoBitLockerToGoReader" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_FDVPassPhrasePolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: FDVPassPhrasePolicy_Name" | |
| ResourceId="FDVPassPhrasePolicy_Name"/> | |
| <Description Text="Configure use of passwords for fixed data drives" | |
| ResourceId="FDVPassPhrasePolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_FDVPassPhrasePolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| FDVPassPhrasePolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows8NoARM" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="FDVPassphrase" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="FDVEnforcePassphrase" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="FDVPassphraseComplexity" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="FDVPassphraseLength" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_RDVConfigureBDEPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: RDVConfigureBDEPolicy_Name" | |
| ResourceId="RDVConfigureBDEPolicy_Name"/> | |
| <Description Text="Control use of BitLocker on removable drives" | |
| ResourceId="RDVConfigureBDEPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_RDVConfigureBDEPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| RDVConfigureBDEPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVConfigureBDE" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVAllowBDE" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVDisableBDE" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_RDVDenyWriteAccessPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: RDVDenyWriteAccessPolicy_Name" | |
| ResourceId="RDVDenyWriteAccessPolicy_Name"/> | |
| <Description Text="Deny write access to removable drives not protected by BitLocker" | |
| ResourceId="RDVDenyWriteAccessPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_RDVDenyWriteAccessPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| RDVDenyWriteAccessPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVDenyWriteAccess" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1" | |
| redirect="System\CurrentControlSet\Policies\Microsoft\FVE"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVDenyCrossOrg" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_RDVHybridAccessPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: RDVHybridAccessPolicy_Name" | |
| ResourceId="RDVHybridAccessPolicy_Name"/> | |
| <Description Text="Allow access to BitLocker-protected removable data drives from earlier versions of Windows" | |
| ResourceId="RDVHybridAccessPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_RDVHybridAccessPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| RDVHybridAccessPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVDiscoveryVolumeType" | |
| type="STRING" | |
| isdeleted="false" | |
| value="FAT32"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVNoBitLockerToGoReader" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="0"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_RDVPassPhrasePolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: RDVPassPhrasePolicy_Name" | |
| ResourceId="RDVPassPhrasePolicy_Name"/> | |
| <Description Text="Configure use of passwords for removable data drives" | |
| ResourceId="RDVPassPhrasePolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_RDVPassPhrasePolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| RDVPassPhrasePolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVPassphrase" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVEnforcePassphrase" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVPassphraseComplexity" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="2"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="RDVPassphraseLength" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="8"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy" | |
| Severity="Warning" | |
| IsHidden="true" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: BMSOSDEncryptionPolicy_Name" | |
| ResourceId="BMSOSDEncryptionPolicy_Name"/> | |
| <Description Text="Operating system drive encryption settings" | |
| ResourceId="BMSOSDEncryptionPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_BMSOSDEncryptionPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| BMSOSDEncryptionPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="ShouldEncryptOSDrive" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="EnableBDEWithNoTPM" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="0"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="OSDriveProtector" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="DisallowStandardUserPINReset" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UsePartialEncryptionKey" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="2"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UsePIN" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="2"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UseAdvancedStartup" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UseTPM" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="2"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UseTPMKey" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="2"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UseTPMPIN" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="2"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UseTPMKeyPIN" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="2"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="MinimumPIN" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="4"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_EnhancedPIN" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: EnhancedPIN_Name" | |
| ResourceId="EnhancedPIN_Name"/> | |
| <Description Text="Allow enhanced PINs for startup" | |
| ResourceId="EnhancedPIN_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_EnhancedPIN" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| EnhancedPIN" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="UseEnhancedPin" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="OSEnhancedPINASCIIOnly" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_OSPassphrase" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: OSPassphrase_Name" | |
| ResourceId="OSPassphrase_Name"/> | |
| <Description Text="Configure use of passwords for operating system drives" | |
| ResourceId="OSPassphrase_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_OSPassphrase" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| OSPassphrase" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows8NoARM" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="OSPassphrase" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="OSPassphraseComplexity" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="OSPassphraseLength" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="OSPassphraseASCIIOnly" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_BMSFDVEncryptionPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: BMSFDVEncryptionPolicy_Name" | |
| ResourceId="BMSFDVEncryptionPolicy_Name"/> | |
| <Description Text="Fixed data drive encryption settings" | |
| ResourceId="BMSFDVEncryptionPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_BMSFDVEncryptionPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| BMSFDVEncryptionPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="ShouldEncryptFixedDataDrive" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="AutoUnlockFixedDataDrive" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_BMSClientConfigureCheckIntervalPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: BMSClientConfigureCheckIntervalPolicy_Name" | |
| ResourceId="BMSClientConfigureCheckIntervalPolicy_Name"/> | |
| <Description Text="Configure MBAM services" | |
| ResourceId="BMSClientConfigureCheckIntervalPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_BMSClientConfigureCheckIntervalPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| BMSClientConfigureCheckIntervalPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="Enabled">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="UseMBAMServices" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="UseKeyRecoveryService" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1" | |
| isExposed="true"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="KeyRecoveryOptions" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="1"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="ClientWakeupFrequency" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="5" | |
| isExposed="true"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="UseStatusReportingService" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="0"/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="StatusReportingServiceEndpoint" | |
| type="STRING" | |
| isdeleted="false" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="StatusReportingFrequency" | |
| type="DWORD" | |
| isdeleted="false" | |
| value="720"/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_BMSUserExemptionPolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: BMSUserExemptionPolicy_Name" | |
| ResourceId="BMSUserExemptionPolicy_Name"/> | |
| <Description Text="Configure user exemption policy" | |
| ResourceId="BMSUserExemptionPolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_BMSUserExemptionPolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| BMSUserExemptionPolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="AllowUserExemption" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="MaxTimeToGetUserExemption" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="UserExemptionMessageType" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="UserExemptionMessage" | |
| type="STRING" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_TPMAutoReseal" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: TPMAutoReseal_Name" | |
| ResourceId="TPMAutoReseal_Name"/> | |
| <Description Text="Reset platform validation data after BitLocker recovery" | |
| ResourceId="TPMAutoReseal_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_TPMAutoReseal" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| TPMAutoReseal" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows8NoARM" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE" | |
| valuename="TPMAutoReseal" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_UseOsEnforcePolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: UseOsEnforcePolicy_Name" | |
| ResourceId="UseOsEnforcePolicy_Name"/> | |
| <Description Text="Encryption Policy Enforcement Settings" | |
| ResourceId="UseOsEnforcePolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_UseOsEnforcePolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| UseOsEnforcePolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="UseOsEnforcePolicy" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="OsEnforcePolicyPeriod" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| <Rule xmlns="http://schemas.microsoft.com/SystemsCenterConfigurationManager/2009/06/14/Rules" | |
| id="BitLockerManagementSettings_0_UseFddEnforcePolicy" | |
| Severity="Warning" | |
| NonCompliantWhenSettingIsNotFound="true"> | |
| <Annotation> | |
| <DisplayName Text="Rule: UseFddEnforcePolicy_Name" | |
| ResourceId="UseFddEnforcePolicy_Name"/> | |
| <Description Text="Encryption Policy Enforcement Settings" | |
| ResourceId="UseFddEnforcePolicy_Desc"/> | |
| </Annotation> | |
| <Expression> | |
| <Operator>Equals</Operator> | |
| <Operands> | |
| <SettingReference AuthoringScopeId="GLOBAL" | |
| LogicalName="BitLocker_Management_Settings" | |
| DataType="String" | |
| SettingLogicalName="BitLockerManagementSettings_UseFddEnforcePolicy" | |
| SettingSourceType="CIM" | |
| Method="Value" | |
| Changeable="true"/> | |
| <ConstantValue Value="<policy name=" | |
| UseFddEnforcePolicy" | |
| class="Machine" | |
| supportedon="SUPPORTED_Windows7" | |
| state="NotConfigured">
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="UseFddEnforcePolicy" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
 <Setting key="SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement" | |
| valuename="FddEnforcePolicyPeriod" | |
| type="DWORD" | |
| isdeleted="true" | |
| value=""/>
</policy>" DataType="String"/></Operands> | |
| </Expression> | |
| <KeyPropertiesRules> | |
| <RuleExpression RuleId="BitLockerManagementSettings_0_BMSOSDEncryptionPolicy"/> | |
| </KeyPropertiesRules> | |
| </Rule> | |
| </Rules> | |
| </ConfigurationPolicy> | |
| </DesiredConfigurationDigest> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment