You need to ensure that you can turn on BitLocker Drive…

You have a Hyper-V host named Server1 that runs Windows Server 2016.
Server1 has a generation 2 virtual machine named VM1 that runs Windows 10.
You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C: on VM1. What
should you do?

You have a Hyper-V host named Server1 that runs Windows Server 2016.
Server1 has a generation 2 virtual machine named VM1 that runs Windows 10.
You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C: on VM1. What
should you do?

A.
From Server1, install the BitLocker feature.

B.
From Server1, enable nested virtualization for VM1.

C.
From VM1, configure the Require additional authentication at startup Group Policy setting.

D.
From VM1, configure the Enforce drive encryption type on fixed data drives Group Policy setting.

Explanation:
https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
If you don’t use TPM for protecting a drive, there is no such Virtual TPM or VM Generation, or VM Configuration
version requirement, you can even use Bitlocker
without TPM Protector with earlier versions of Windows.
How to Use BitLocker Without a TPM
You can bypass this limitation through a Group Policy change. If your PC is joined to a business or school
domain, you can’t change the Group Policy setting
yourself. Group policy is configured centrally by your network administrator.
To open the Local Group Policy Editor, press Windows+R on your keyboard, type “gpedit.msc” into the Run
dialog box, and press Enter.
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows
Components > BitLocker Drive Encryption > Operating
System Drives in the left pane.

Double-click the “Require additional authentication at startup” option in the right pane.

Select “Enabled” at the top of the window, and ensure the “Allow BitLocker without a compatible TPM
(requires a password or a startup key on a USB
flash drive)” checkbox is enabled here.
Click “OK” to save your changes. You can now close the Group Policy Editor window. Your change takes effect
immediately—you don’t even need to reboot.



Leave a Reply 0

Your email address will not be published. Required fields are marked *