Hi Everyone, I have installed Windows 10 Enterprise. BitLocker suddenly stopped accepting the password: after entering the correct password, it keeps saying "enter password again".
Hi Sara. If BitLocker is enabled on your hard drive, this may have been done at the factory, which the manufacturer's Support should tell you, and they should provide what you need to know.
Due to the number of similar cases with files lost, I would not use BitLocker. Instead, I would periodically drag my User folders to an external USB drive, which I keep unplugged to protect against ransomware.
If you want to report this to Microsoft, use the Feedback Hub app in the Start Menu, where developers are tasked to process consumer feedback. They will not even see it here. This is a tech forum staffed mostly by volunteers trying to help others with their problems. If you want to post back a Share link from Feedback here, others who see this thread can vote it up and add to it. I hope this helps. Feel free to ask back any questions and keep me posted.
I will keep working with you until it's resolved. Configuration pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Product).
Thoroughly research any product advertised on the sites before deciding to download and install it.
Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to make it mandatory for the entire drive to be encrypted when BitLocker is turned on. Choose Used Space Only encryption to make it mandatory to encrypt only that portion of the drive that is used to store data when BitLocker is turned on.
This policy is ignored when you are shrinking or expanding a volume and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that is using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: manage-bde -w.
If the volume is shrunk, no action is taken for the new free space. For more information about the tool to manage BitLocker, see Manage-bde.
This policy controls whether operating system drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user.
This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. For example, when a drive that is using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that uses Full encryption. The corresponding policy for fixed data drives controls whether those drives utilize Full encryption or Used Space Only encryption, and the same rule applies: when a drive that is using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that is using Full encryption.
The Allow data recovery agent check box is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. For more information about adding data recovery agents, see BitLocker basic deployment. In Configure user storage of BitLocker recovery information, select whether users are allowed, required, or not allowed to generate a numerical recovery password.
Select Omit recovery options from the BitLocker setup wizard to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you can't specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting.
Storing the key package supports the recovery of data from a drive that is physically corrupted. Select the Do not enable BitLocker until recovery information is stored in AD DS for operating system drives check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. If the Do not enable BitLocker until recovery information is stored in AD DS for operating system drives check box is selected, a recovery password is automatically generated.
This policy setting is used to configure recovery methods for BitLocker-protected drives on computers running Windows Server or Windows Vista. This policy is only applicable to computers running Windows Server or Windows Vista.
Two recovery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. Users can type a numerical recovery password, or they can insert a USB drive that contains a recovery key.
Saving the recovery password to a USB drive stores the numerical recovery password as a text file and the recovery key as a hidden file. Saving the recovery password to a folder stores the numerical recovery password as a text file.
Printing the recovery password sends the numerical recovery password to the default printer. For example, not allowing the numerical recovery password prevents users from printing or saving recovery information to a folder. The numerical recovery password isn't available in FIPS-compliance mode.
To prevent data loss, you must have a way to recover BitLocker encryption keys. Otherwise, a policy error occurs. This provides an administrative method of recovering data that is encrypted by BitLocker to prevent data loss due to lack of key information. BitLocker recovery information includes the recovery password and unique identifier data.
You can also include a package that contains an encryption key for a BitLocker-protected drive. This key package is secured by one or more recovery passwords, and it can help perform specialized recovery when the disk is damaged or corrupted. This option is selected by default to help ensure that BitLocker recovery is possible.
A recovery password is a numerical password that unlocks access to a BitLocker-protected drive. Key packages may help perform specialized recovery when the disk is damaged or corrupted. TPM initialization might be needed during the BitLocker setup. This policy setting doesn't prevent the user from saving the recovery password in another folder. The Allow data recovery agent check box is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives.
In Configure user storage of BitLocker recovery information, select whether users can be allowed, required, or not allowed to generate a numerical recovery password or a recovery key. Storing the key package supports recovering data from a drive that has been physically corrupted. To recover this data, you can use the Repair-bde command-line tool. For more information about the BitLocker repair tool, see Repair-bde. Select the Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
If the Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives check box is selected, a recovery password is automatically generated. The Allow data recovery agent check box is used to specify whether a data recovery agent can be used with BitLocker-protected removable data drives. In Configure user storage of BitLocker recovery information, select whether users can be allowed, required, or not allowed to generate a numerical recovery password.
Select the Do not enable BitLocker until recovery information is stored in AD DS for removable data drives check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This policy setting is used to configure the entire recovery message and to replace the existing URL that is displayed on the pre-boot recovery screen when the operating system drive is locked.
Enabling the Configure the pre-boot recovery message and URL policy setting allows you to customize the default recovery screen message and URL to assist customers in recovering their key. Not all characters and languages are supported in the pre-boot environment. We strongly recommend that you verify the correct appearance of the characters that you use for the custom message and URL on the pre-boot recovery screen.
Because you can alter the BCDEdit commands manually before you have set Group Policy settings, you can't return the policy setting to the default setting by selecting the Not Configured option after you have configured this policy setting. To return to the default pre-boot recovery screen leave the policy setting enabled and select the Use default message options from the Choose an option for the pre-boot recovery message drop-down list box.
This policy controls how BitLocker-enabled system volumes are handled with the Secure Boot feature. When enabled or not configured: BitLocker uses Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.
When disabled: BitLocker uses legacy platform integrity validation, even on systems that are capable of Secure Boot-based integrity validation.
Secure boot ensures that the computer's pre-boot environment loads only firmware that is digitally signed by authorized software publishers.
Secure Boot also provides more flexibility for managing pre-boot configurations than the BitLocker integrity checks available prior to Windows Server and Windows 8.
When this policy is enabled and the hardware is capable of using secure boot for BitLocker scenarios, the Use enhanced Boot Configuration Data validation profile group policy setting is ignored, and secure boot verifies BCD settings according to the secure boot policy setting, which is configured separately from BitLocker.
Disabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates. This policy setting is used to establish an identifier that is applied to all drives that are encrypted in your organization. These identifiers are stored as the identification field and the allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives.
This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the Manage-bde command-line tool.
An identification field is required to manage certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker manages and updates data recovery agents only when the identification field on the drive matches the value that is configured in the identification field. In a similar manner, BitLocker updates the BitLocker To Go Reader only when the identification field's value on the drive matches the value that is configured for the identification field.
The allowed identification field is used in combination with the Deny write access to removable drives not protected by BitLocker policy setting to help control the use of removable drives in your organization.
It's a comma-separated list of identification fields from your organization or external organizations. You can configure the identification fields on existing drives by using the Manage-bde command-line tool. When a BitLocker-protected drive is mounted on another BitLocker-enabled computer, the identification field and the allowed identification field are used to determine whether the drive is from an external organization.
Multiple values separated by commas can be entered in the identification and allowed identification fields. The identification field can be any value up to the maximum supported length. This policy setting is used to control whether the computer's memory will be overwritten the next time the computer is restarted. BitLocker secrets include key material that is used to encrypt data. This policy setting applies only when BitLocker protection is enabled.
A platform validation profile consists of a set of PCR indices. The default platform validation profile secures the encryption key against changes to its set of measured boot components. Changing from the default platform validation profile affects the security and manageability of your computer. This policy setting determines what values the TPM measures when it validates early boot components before unlocking a drive on a computer running Windows Vista, Windows Server, or Windows 7.
BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending on the inclusion or exclusion, respectively, of PCRs. This policy setting determines what values the TPM measures when it validates early boot components before unlocking an operating system drive on a computer with native UEFI firmware configurations. If your environments use TPM and Secure Boot for platform integrity checks, this policy is configured.
When enabled: Before you turn on BitLocker, you can configure the boot components that the TPM validates before it unlocks access to the BitLocker-encrypted operating system drive.
If any of these components change while BitLocker protection is in effect, the TPM doesn't release the encryption key to unlock the drive. Instead, the computer displays the BitLocker Recovery console and requires that the recovery password or the recovery key is provided to unlock the drive. When disabled or not configured: BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.
This group policy setting only applies to computers with a native UEFI firmware configuration. A platform validation profile consists of a set of PCR indices. This policy setting determines whether platform validation data is refreshed when Windows is started following a BitLocker recovery.
A platform validation data profile consists of the values in a set of Platform Configuration Register (PCR) indices. For more information about the recovery process, see the BitLocker recovery guide.
Until they are wiped or overwritten, deleted files hold information that could be recovered with common data forensic tools. Selecting an encryption type and choosing Next gives the user the option of running a BitLocker system check (selected by default), which ensures that BitLocker can properly access the recovery and encryption keys before the volume encryption begins.
We recommend running this system check before starting the encryption process. If the system check isn't run and a problem is encountered when the operating system attempts to start, the user will need to provide the recovery key to start Windows. After completing the system check (if selected), the BitLocker Drive Encryption Wizard restarts the computer to begin encryption. Upon reboot, users are required to enter the password chosen to boot into the operating system volume.
Users can check encryption status by checking the system notification area or the BitLocker control panel. Until encryption is completed, the only available options for managing BitLocker involve manipulation of the password protecting the operating system volume, backing up the recovery key, and turning off BitLocker. Encrypting data volumes using the BitLocker control panel interface works in a similar fashion to encryption of the operating system volumes.
Unlike for operating system volumes, data volumes aren't required to pass any configuration tests for the wizard to proceed.
Upon launching the wizard, a choice of authentication methods to unlock the drive appears. The available options are password, smart card, and automatically unlock this drive on this computer. Disabled by default, the latter option unlocks the data volume without user input once the operating system volume is unlocked.
After selecting the desired authentication method and choosing Next, the wizard presents options for storage of the recovery key. These options are the same as for operating system volumes. With the recovery key saved, selecting Next in the wizard shows the available options for encryption. These options are the same as for operating system volumes: used disk space only and full drive encryption.
If the volume being encrypted is new or empty, it's recommended that used space only encryption is selected. With an encryption method chosen, a final confirmation screen is displayed before the encryption process begins.
Selecting Start encrypting begins encryption. There's a new option for storing the BitLocker recovery key using OneDrive. This option requires that the computer isn't a member of a domain and that the user is using a Microsoft account.
Local accounts don't give the option to use OneDrive. Using the OneDrive option is the default, recommended recovery key storage method for computers that aren't joined to a domain. Users can verify whether the recovery key was saved properly by checking their OneDrive for the BitLocker folder, which is created automatically during the save process.
The folder contains two files: a readme file and the recovery key file. Users storing more than one recovery password on their OneDrive can identify the required recovery key by looking at the file name, because the recovery key ID is appended to the end of the file name. This option is available on client computers by default. On servers, you must first install the BitLocker and Desktop-Experience features for this option to be available.
After selecting Turn on BitLocker, the wizard works exactly as it does when launched using the BitLocker control panel. The following table shows the compatibility matrix for systems that have been BitLocker-enabled and then presented to a different version of Windows. Table 1: Cross compatibility for Windows 11, Windows 10, and Windows 8.1.
Manage-bde is a command-line utility that can be used for scripting BitLocker operations. Manage-bde offers additional options not displayed in the BitLocker control panel.
For a complete list of the options, see Manage-bde. Manage-bde offers a multitude of wider options for configuring BitLocker, so using the command syntax may require care and possibly later customization by the user. For example, using just the manage-bde -on command on a data volume will fully encrypt the volume without any authenticating protectors. A volume encrypted in this manner still requires user interaction to turn on BitLocker protection, even though the command completed successfully, because an authentication method needs to be added to the volume for it to be fully protected.
Command-line users need to determine the appropriate syntax for a given situation. The following section covers general encryption for operating system volumes and data volumes. Listed below are examples of basic valid commands for operating system volumes.
However, many environments require more secure protectors such as passwords or PIN and expect to be able to recover information with a recovery key. A good practice when using manage-bde is to determine the volume status on the target system.
Use the following command to determine volume status: manage-bde -status. This command returns the volumes on the target, the current encryption status, and the volume type (operating system or data) for each volume. Using this information, users can determine the best encryption method for their environment. Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive.
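The following PowerShell script is an added example, not code from the Microsoft documentation. It performs the status check recommended above and then looks for the state the text warns about: a volume that manage-bde -on has encrypted without any authentication protector, or that carries no recovery password. It uses the built-in BitLocker module cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Backup-BitLockerKeyProtector, Enable-BitLockerAutoUnlock, Resume-BitLocker); the function names and the assumption that recovery passwords are escrowed to AD DS are mine.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the Microsoft documentation. Audits BitLocker volumes for the
# "encrypted but not actually protected" state and adds the missing baseline protector.
Import-Module BitLocker

function Get-BitLockerProtectionGap {
    # One object per volume that is encrypted (or encrypting) but lacks real protection.
    foreach ($v in Get-BitLockerVolume) {
        if ($v.VolumeStatus -eq 'FullyDecrypted') { continue }   # plain volume, nothing to check
        $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $gaps  = @()
        if ($v.ProtectionStatus -ne 'On')           { $gaps += 'ProtectionOff' }
        if ($types.Count -eq 0)                      { $gaps += 'NoKeyProtector' }
        if ($types -notcontains 'RecoveryPassword')  { $gaps += 'NoRecoveryPassword' }
        if ($gaps.Count -eq 0) { continue }
        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeType       = $v.VolumeType        # OperatingSystem or Data
            VolumeStatus     = $v.VolumeStatus      # FullyEncrypted, EncryptionInProgress, ...
            EncryptionMethod = $v.EncryptionMethod
            Protectors       = ($types -join ',')
            Gaps             = ($gaps -join ',')
        }
    }
}

function Repair-BitLockerProtectionGap {
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [switch]$EscrowToAD      # assumption: recovery passwords are backed up to AD DS
    )
    $v     = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    # 1. Every protected volume needs a recovery password, whatever else unlocks it.
    if ($types -notcontains 'RecoveryPassword') {
        $v = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    }
    if ($EscrowToAD) {
        $rp = $v.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
    }

    # 2. A data volume with only a recovery password has no everyday unlock method;
    #    tie it to the (already protected) OS volume rather than leaving it unprotected.
    $unlock = @('Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password', 'ExternalKey')
    if ($v.VolumeType -eq 'Data' -and -not ($types | Where-Object { $unlock -contains $_ })) {
        Enable-BitLockerAutoUnlock -MountPoint $MountPoint | Out-Null
    }

    # 3. Turn protection on: it stays off until protectors exist and are enabled.
    if ((Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus -ne 'On') {
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
    }
    Get-BitLockerVolume -MountPoint $MountPoint
}

# Raw status as the text recommends, then the structured audit and repair.
manage-bde -status | Out-Host
$gaps = Get-BitLockerProtectionGap
$gaps | Format-Table -AutoSize
foreach ($g in $gaps) { Repair-BitLockerProtectionGap -MountPoint $g.MountPoint -EscrowToAD }
```

Run it from an elevated session. Auto-unlock for a data volume only succeeds once the operating system volume itself is protected, which is why the script treats the recovery password as the baseline and the unlock method as a second step.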
This configuration helps protect the operating system and the information in the encrypted drive. BitLocker supports TPM version 1.2.
BitLocker also supports TPM 2.0 devices. For added security, enable the Secure Boot feature. BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer.
However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process.
You can save it to a file, print it, or even back it up to the cloud.
This article for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. To control the drive encryption tasks the user can perform from the Windows Control Panel or to modify other configuration options, you can use Group Policy administrative templates or local computer policy settings.
How you configure these policy settings depends on how you implement BitLocker and what level of user interaction will be allowed. If a computer isn't compliant with existing Group Policy settings, BitLocker may not be turned on or modified until the computer is in a compliant state.
When a drive is out of compliance with Group Policy settings (for example, if a Group Policy setting was changed after the initial BitLocker deployment in your organization, and then the setting was applied to previously encrypted drives), no change can be made to the BitLocker configuration of that drive except a change that will bring it into compliance.
If multiple changes are necessary to bring the drive into compliance, you must suspend BitLocker protection, make the necessary changes, and then resume protection. This situation could occur, for example, if a removable drive is initially configured to be unlocked with a password and then Group Policy settings are changed to disallow passwords and require smart cards.
In this situation, you need to suspend BitLocker protection by using the Manage-bde command-line tool, delete the password unlock method, and add the smart card method. After this is complete, BitLocker is compliant with the Group Policy setting and BitLocker protection on the drive can be resumed. The following sections provide a comprehensive list of BitLocker group policy settings that are organized by usage.
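The procedure just described, as an added PowerShell example that is not Microsoft's own script: a removable drive is walked through the compliance change (passwords disallowed, smart cards required) using Manage-bde. The drive letter and the certificate thumbprint are placeholders, and the script assumes the smart-card certificate is already present in the user's personal certificate store.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the Microsoft documentation. Replaces a password protector with a
# smart-card certificate protector while BitLocker protection is suspended, then resumes it.
param(
    [string]$Drive          = 'E:',                              # placeholder
    [string]$CertThumbprint = '<SMART-CARD-CERT-THUMBPRINT>'     # placeholder
)

function Invoke-ManageBde {
    # Runs manage-bde, returns its text, and stops the script on a non-zero exit code so a
    # failed step never leaves the drive half-migrated without anyone noticing.
    param([string[]]$ManageBdeArgs)
    $out = & manage-bde @ManageBdeArgs 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { throw "manage-bde $($ManageBdeArgs -join ' ') failed:`n$out" }
    $out
}

# 0. Never remove the last usable protector: make sure a recovery password exists first,
#    so the drive can still be unlocked if the certificate step fails.
$protectors = Invoke-ManageBde @('-protectors', '-get', $Drive)
if ($protectors -notmatch 'Numerical Password') {
    Invoke-ManageBde @('-protectors', '-add', $Drive, '-recoverypassword') | Out-Null
    Write-Warning "Added a recovery password to $Drive; record it from 'manage-bde -protectors -get $Drive' before continuing."
}

# 1. Suspend protection so the protector set can be changed.
Invoke-ManageBde @('-protectors', '-disable', $Drive) | Out-Null

try {
    # 2. Remove the unlock method the policy no longer allows. manage-bde lists a password
    #    protector on its own line as "Password:" (distinct from "Numerical Password:").
    if ($protectors -match '(?m)^\s*Password:') {
        Invoke-ManageBde @('-protectors', '-delete', $Drive, '-type', 'password') | Out-Null
    }
    # 3. Add the method the policy requires: a certificate protector for the smart card.
    Invoke-ManageBde @('-protectors', '-add', $Drive, '-certificate', '-ct', $CertThumbprint) | Out-Null
}
finally {
    # 4. Resume protection whether or not the swap succeeded; a suspended drive is unprotected.
    Invoke-ManageBde @('-protectors', '-enable', $Drive) | Out-Null
}

# 5. Verify the resulting protector set and overall status.
Invoke-ManageBde @('-protectors', '-get', $Drive)
Invoke-ManageBde @('-status', $Drive)
```

The try/finally is the point of the script: the drive is only out of compliance, not unusable, before the change, and resuming protection in every exit path keeps it that way if the certificate step fails.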
BitLocker group policy settings include settings for specific drive types (operating system drives, fixed data drives, and removable data drives) and settings that are applied to all drives. The following policy settings can be used to determine how a BitLocker-protected drive can be unlocked.
The following policy settings are used to control how users can access drives and how they can use BitLocker on their computers. The following policy settings determine the encryption methods and encryption types that are used with BitLocker. The following policy settings define the recovery methods that can be used to restore access to a BitLocker-protected drive if an authentication method fails or is unable to be used.
The preboot authentication option Require startup PIN with TPM of the Require additional authentication at startup policy is often enabled to help ensure security for older devices that don't support Modern Standby. But visually impaired users have no audible way to know when to enter a PIN. This setting enables an exception to the PIN-required policy on secure hardware.
This policy controls a portion of the behavior of the Network Unlock feature in BitLocker. This policy is required to enable BitLocker Network Unlock on a network because it allows clients running BitLocker to create the necessary network key protector during encryption. This policy is used with the BitLocker Drive Encryption Network Unlock Certificate security policy located in the Public Key Policies folder of Local Computer Policy to allow systems that are connected to a trusted network to properly utilize the Network Unlock feature.
To use a network key protector to unlock the computer, the computer and the server that hosts BitLocker Drive Encryption Network Unlock must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create a network key protector and to protect the information exchange with the server to unlock the computer. This unlock method uses the TPM on the computer, so computers that don't have a TPM can't create network key protectors to automatically unlock by using Network Unlock.
For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the wired network or can't connect to the domain controller at startup. This policy setting is used to control which unlock options are available for operating system drives. Only one of the additional authentication options can be required at startup; otherwise, a policy error occurs. In this mode, a password or USB drive is required for startup.
The USB drive stores the startup key that is used to encrypt the drive. When the USB drive is inserted, the startup key is authenticated and the operating system drive is accessible. On a computer with a compatible TPM, additional authentication methods can be used at startup to improve protection for encrypted data.
When the computer starts, it can use these additional authentication methods. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker. Not all computers support enhanced PIN characters in the preboot environment. It's strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used.
The startup PIN must have a minimum length of four digits and can have a maximum length of 20 digits. Windows Hello has its own PIN for logon, with its own length limits. The TPM can be configured to use Dictionary Attack Prevention parameters (lockout threshold and lockout duration) to control how many failed authorization attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made.
The Dictionary Attack Prevention parameters provide a way to balance security needs with usability. With a TPM 2.0 configured this way, the number of guesses an attacker can make per year is bounded. Increasing the PIN length requires a greater number of guesses for an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection.
To help organizations with the transition, beginning with the Windows 10 versions that carry the October cumulative update, or Windows 11, the BitLocker PIN length is six characters by default, but it can be reduced to four characters. This policy setting is only enforced when BitLocker or device encryption is enabled. As explained in the Microsoft Security Guidance blog, in some cases when this setting is enabled, internal PCI-based peripherals can fail, including wireless network drivers and input and audio peripherals.
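To make the trade-off above concrete, here is an added PowerShell example (not from the Microsoft documentation) that models how many PIN guesses a given lockout threshold and lockout duration allow per year, and compares that budget with the size of the PIN space for several PIN lengths. The scenario values are constructed for illustration, and the model is an assumption of mine: the immediate guesses up to the threshold, then one further guess per lockout interval for the rest of the year.

```powershell
# Added example, not from the Microsoft documentation. Models the guess budget that a TPM's
# Dictionary Attack Prevention parameters leave an attacker, versus the PIN space to search.
function Get-PinGuessBudget {
    param(
        [int]$LockoutThreshold,   # failed attempts allowed before the TPM locks out
        [double]$LockoutMinutes,  # time that must elapse before the next attempt is allowed
        [int]$PinLength,
        [int]$AlphabetSize = 10   # 10 for a numeric PIN; larger for enhanced PINs
    )
    # Assumed model: threshold guesses at once, then one guess per lockout interval.
    $minutesPerYear = 365 * 24 * 60
    $guessesPerYear = $LockoutThreshold + [math]::Floor($minutesPerYear / $LockoutMinutes)
    $pinSpace       = [math]::Pow($AlphabetSize, $PinLength)
    [pscustomobject]@{
        PinLength        = $PinLength
        AlphabetSize     = $AlphabetSize
        LockoutThreshold = $LockoutThreshold
        LockoutMinutes   = $LockoutMinutes
        GuessesPerYear   = $guessesPerYear
        PinSpace         = $pinSpace
        # Expected years to hit the PIN by brute force (half the space searched on average).
        YearsToGuess     = [math]::Round(($pinSpace / 2) / $guessesPerYear, 1)
    }
}

# Constructed scenarios: a short PIN with a long lockout, and longer PINs that can tolerate
# a shorter lockout (the adjustment the text describes) at a similar level of protection.
$scenarios = @(
    @{ LockoutThreshold = 32; LockoutMinutes = 120; PinLength = 4 }
    @{ LockoutThreshold = 32; LockoutMinutes = 120; PinLength = 6 }
    @{ LockoutThreshold = 32; LockoutMinutes = 10;  PinLength = 6 }
    @{ LockoutThreshold = 32; LockoutMinutes = 10;  PinLength = 8; AlphabetSize = 62 }
)
$scenarios | ForEach-Object { $p = $_; Get-PinGuessBudget @p } | Format-Table -AutoSize
```

On the local machine, Get-Tpm reports the configured values as LockoutMax and LockoutHealTime, so the same function can be fed the real parameters when deciding whether a shorter lockout is acceptable for a longer PIN.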
This problem is fixed in the April quality update. This policy setting allows you to configure whether standard users are allowed to change the PIN or password that is used to protect the operating system drive. This policy controls how non-TPM based systems utilize the password protector.
Used with the Password must meet complexity requirements policy, this policy allows administrators to require password length and complexity for using the password protector. By default, passwords must be eight characters in length.
Complexity configuration options determine how important domain connectivity is for the client. For the strongest password security, administrators should choose Require password complexity, because it requires domain connectivity and it requires that the BitLocker password meets the same password complexity requirements as domain sign-in passwords. When enabled: Users can configure a password that meets the requirements you define.
To enforce complexity requirements for the password, select Require complexity. When disabled or not configured: The default length constraint of eight characters applies to operating system drive passwords and no complexity checks occur. If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. These settings are enforced when turning on BitLocker, not when unlocking a volume.
BitLocker allows unlocking a drive with any of the protectors that are available on the drive. When set to Require complexity, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity of the password. When set to Allow complexity, a connection to a domain controller is attempted to validate that the complexity adheres to the rules set by the policy.
If no domain controllers are found, the password will be accepted regardless of actual password complexity, and the drive will be encrypted by using that password as a protector. When set to Do not allow complexity , there is no password complexity validation. Passwords must be at least eight characters. To configure a greater minimum length for the password, enter the desired number of characters in the Minimum password length box.
When this policy setting is enabled, you can set the option Configure password complexity for operating system drives to Require complexity, Allow complexity, or Do not allow complexity. This policy setting is used to control what unlock options are available for computers running Windows Server or Windows Vista. On a computer with a compatible TPM, two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can prompt users to insert a USB drive that contains a startup key.
It can also prompt users to enter a startup PIN with a length between 6 and 20 digits. These options are mutually exclusive. If you require the startup key, you must not allow the startup PIN.
If you require the startup PIN, you must not allow the startup key. Otherwise, a policy error will occur. To hide the advanced page on a TPM-enabled computer or device, set these options to Do not allow for the startup key and for the startup PIN. This policy setting is used to require, allow, or deny the use of smart cards with fixed data drives. These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker allows unlocking a drive by using any of the protectors that are available on the drive.
This policy setting is used to require, allow, or deny the use of passwords with fixed data drives. When set to Require complexity , a connection to a domain controller is necessary to validate the complexity of the password when BitLocker is enabled. However, if no domain controllers are found, the password is accepted regardless of the actual password complexity, and the drive is encrypted by using that password as a protector.
When set to Do not allow complexity , no password complexity validation is performed. This policy setting is configured on a per-computer basis. This means that it applies to local user accounts and domain user accounts. Because the password filter that's used to validate password complexity is located on the domain controllers, local user accounts can't access the password filter because they're not authenticated for domain access.
When this policy setting is enabled, if you sign in with a local user account, and you attempt to encrypt a drive or change a password on an existing BitLocker-protected drive, an "Access denied" error message is displayed. In this situation, the password key protector can't be added to the drive. Enabling this policy setting requires that connectivity to a domain be established before adding a password key protector to a BitLocker-protected drive.
Users who work remotely and have periods of time in which they can't connect to the domain should be made aware of this requirement so that they can schedule a time when they will be connected to the domain to turn on BitLocker or to change a password on a BitLocker-protected data drive.
Passwords can't be used if FIPS compliance is enabled. This policy setting is used to require, allow, or deny the use of smart cards with removable data drives. This policy setting is used to require, allow, or deny the use of passwords with removable data drives. If you choose to allow the use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. To configure a greater minimum length for the password, enter the desired number of characters in the Minimum password length box.
When set to Require complexity, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity of the password. When set to Allow complexity, a connection to a domain controller is attempted to validate that the complexity adheres to the rules set by the policy. However, if no domain controllers are found, the password is still accepted regardless of actual password complexity, and the drive is encrypted by using that password as a protector.