I have a laptop computer with a compatible TPM, I am running Windows 7 Ultimate. What would be the correct group policies to enable for maximum protection with bitlocker? The documentation that I find on Microsoft all assume that Active Directory is available which in my case is not. Scamble

Hi Scamble, As far as I know, BitLocker Group Policy settings can be found in the Local Group Policy Editor under Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. You can configure Require additional authentication at startup option to enable maximum protection. In addition, you can also Allow enhanced PINs for startup and Configure minimum PIN length to enhance the PIN code for security consideration. Please notice: the above group policy can be also configured in a standalone Windows 7 by running "gpedit.msc" Please see BitLocker Group Policy Reference http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx#BKMK_unlockpol1 Hope this can help. Scorprio TechNet Software Assurance Managed Newsgroup MCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Admin | System Architect