mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 18:33:43 +00:00
updates
@ -12,7 +12,7 @@ This policy configures a minimum length for a Trusted Platform Module (TPM) star
|
||||
If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN.\
|
||||
If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits.
|
||||
|
||||
The TPM can be configured to use Dictionary Attack Prevention parameters ([lockout threshold and lockout duration](../../../../hardware-security/tpm/trusted-platform-module-services-group-configure.md) to control how many failed authorizations attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made.
|
||||
The TPM can be configured to use Dictionary Attack Prevention parameters ([lockout threshold and lockout duration](../../../../hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md) to control how many failed authorizations attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made.
|
||||
|
||||
The Dictionary Attack Prevention Parameters provide a way to balance security needs with usability. For example, when BitLocker is used with a TPM + PIN configuration, the number of PIN guesses is limited over time. A TPM 2.0 in this example could be configured to allow only 32 PIN guesses immediately, and then only one more guess every two hours. This number of attempts totals to a maximum of about 4415 guesses per year. If the PIN is four digits, all 9999 possible PIN combinations could be attempted in a little over two years.
|
||||
|
||||
|
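Review bot: the parenthetical that opens before the link in the Dictionary Attack Prevention sentence is never closed, in both versions of the line. The text `([lockout threshold and lockout duration](...)` ends with the link's own closing parenthesis but not the outer one, so the sentence renders as "parameters (lockout threshold and lockout duration to control ...". Add a `)` after the link target. While the line is being touched, "failed authorizations attempts" should read "failed authorization attempts". It is also worth confirming that the target file trusted-platform-module-services-group-policy-settings.md exists at that relative path, since the only change here is the file name.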
@ -72,7 +72,7 @@ Configuration of encrypted hard drives as startup drives is done using the same
|
||||
|
||||
There are three related policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption:
|
||||
|
||||
- [Configure use of hardware-based encryption for fixed data drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-fixed-data-drives)
|
||||
- [Configure use of hardware-based encryption for fixed data drives](bitlocker/configure.md#configure-use-of-hardware-based-encryption-for-fixed-data-drives)
|
||||
- [Configure use of hardware-based encryption for removable data drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives)
|
||||
- [Configure use of hardware-based encryption for operating system drives](bitlocker/policy-settings.md#configure-use-of-hardware-based-encryption-for-operating-system-drives)
|
||||
|
||||
|
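Review bot: only the fixed data drives link in this list changes between bitlocker/policy-settings.md and bitlocker/configure.md, while the removable data drives and operating system drives links stay on bitlocker/policy-settings.md. If the policy content moved from one file to the other, two of the three sibling links point at the wrong page after this change. Either update all three in the same commit or state why only one differs. Also check that the anchor #configure-use-of-hardware-based-encryption-for-fixed-data-drives exists in the new target file, because the fragment is carried over unchanged.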