This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery. If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery. If you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery. If you do not configure this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery. Countermeasure: If you wish to prevent BitLocker from refreshing platform validation data after recovery disable this policy setting. Potential Impact: If you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery.

[enabled/disabled]

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Reset platform validation data after BitLocker recovery (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE!TPMAutoReseal