deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 03:43:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

policies

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-09-25 10:13:10 -04:00
parent d07bbb3b3e
commit 7088c03894
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/operating-system-security/data-protection/bitlocker/includes/allow-standard-user-encryption.md
View File

@ -7,9 +7,9 @@ ms.topic: include
### Allow Standard User Encryption
With this policy you can enforce the *RequireDeviceEncryption* policy for scenarios where policy is pushed while current logged-on user is non-admin/standard user.
With this policy you can enforce the [*RequireDeviceEncryption*](../policy-settings.md?tabs=os#require-device-encryption) policy for scenarios where policy is applied while current logged-on user is non-admin/standard user.
*AllowStandardUserEncryption* policy is tied to [Allow warning for other disk encryption](#allow-warning-for-other-disk-encryption) policy being disabled (value `0`).
*AllowStandardUserEncryption* policy is tied to [Allow warning for other disk encryption](../policy-settings.md?tabs=os#allow-warning-for-other-disk-encryption) policy being disabled (value `0`).
If *AllowWarningForOtherDiskEncryption* isn't set, or is set to `1`, *RequireDeviceEncryption* policy doesn't try to encrypt drive(s) if a standard user is logged-on.

2
windows/security/operating-system-security/data-protection/bitlocker/includes/disable-new-dma-devices-when-this-computer-is-locked.md
View File

@ -7,7 +7,7 @@ ms.topic: include
### Disable new DMA devices when this computer is locked
This policy setting allows you to block direct memory access (DMA) for all Thunderbolt hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host Thunderbolt PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug Thunderbolt PCI ports with no children devices, until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged or the system is rebooted or hibernated. This policy setting is only enforced when BitLocker or device encryption is enabled. Note: Some PCs may not be compatible with this policy if the system firmware enables DMA for newly attached Thunderbolt devices before exposing the new devices to Windows.
This policy allows blocking direct memory access (DMA) for all Thunderbolt hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host Thunderbolt PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug Thunderbolt PCI ports with no children devices, until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged or the system is rebooted or hibernated. This policy setting is only enforced when BitLocker or device encryption is enabled. Note: Some PCs may not be compatible with this policy if the system firmware enables DMA for newly attached Thunderbolt devices before exposing the new devices to Windows.
| | Path |
|--|--|