Configure use of smart cards on removable data drivesID: oval:org.secpod.oval:def:19595 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Configure use of smart cards on removable data drives machine setting should be configured correctly.
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on removable data drives" check box. Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives. If you do not configure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Configure use of smart cards on removable data drives
(2) KEY: HKLM\Software\Policies\Microsoft\FVE\RDVAllowUserCert
Platform: |
Microsoft Windows Server 2008 R2 |