Share via


TCGSecurityActivationDisabled

Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

TCGSecurityActivationDisabled specifies whether Windows® automatically configures encrypted drives (eDrives), also known as encrypted hard disk drives (eHDDs).

TCGSecurityActivationDisabled sets the Group Policy administrative template setting: Do not automatically encrypt files moved to encrypted folders. This Group Policy setting is used after Windows is installed and started up. The setting specifies, for unprovisioned eDrives, whether security should be activated on the eDrive during provisioning. Use the DisableEncryptedDiskProvisioning unattend setting for configuring the operating system installation for the target HDD.

Note

The eDrive must be configured in the unattend file by using the settings in Microsoft-Windows-Setup\DiskConfiguration\Disk. If the drives are configured manually, then the eDrive configuration policy may not be properly configured.

Values

1

Specifies that Windows does not automatically encrypt eDrives.

0

Specifies that Windows automatically encrypts eDrives. This is the default value.

Valid Configuration Passes

specialize

Parent Hierarchy

Microsoft-Windows-EnhancedStorage-Adm | TCGSecurityActivationDisabled

Applies To

For a list of the Windows editions and architectures that this component supports, see Microsoft-Windows-EnhancedStorage-Adm.

XML Example

The following XML output shows how to configure Windows so that Windows does not automatically encrypt eDrives.

<TCGSecurityActivationDisabled>1</TCGSecurityActivationDisabled>

See Also

Concepts

Microsoft-Windows-EnhancedStorage-Adm
DisableEncryptedDiskProvisioning
DiskConfiguration

Other Resources

Encrypted Drives (eDrive) Reference