Configure use of smart cards on fixed data drives

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on fixed data drives" check box. Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected fixed data drives. If you do not configure this policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive.

• Computer
  Allow access to BitLocker-protected fixed data drives from earlier versions of Windows

  At least Windows Server 2008 R2 or Windows 7 through Windows Server 2022 or Windows 11 Version 22H2
• Computer
  Choose how BitLocker-protected fixed drives can be recovered

  At least Windows Server 2008 R2 or Windows 7
• Computer
  Configure use of hardware-based encryption for fixed data drives

  At least Windows Server 2012 or Windows 8
• Computer
  Configure use of passwords for fixed data drives

  At least Windows Server 2008 R2 or Windows 7
• Computer
  Deny write access to fixed drives not protected by BitLocker

  At least Windows Server 2008 R2 or Windows 7
• Computer
  Enforce drive encryption type on fixed data drives

  At least Windows Server 2012 or Windows 8