<html dir="ltr" xmlns:v="urn:schemas-microsoft-com:vml" gpmc_reportInitialized="false">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-16" />
<title>COEDEAN-Staff-BitLocker On</title>
<!-- Styles -->
<style type="text/css">
                body    { background-color:#FFFFFF; border:1px solid #666666; color:#000000; font-size:68%; font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; }

                table   { font-size:100%; table-layout:fixed; width:100%; }

                td,th   { overflow:visible; text-align:left; vertical-align:top; white-space:normal; }

                .title  { background:#FFFFFF; border:none; color:#333333; display:block; height:24px; margin:0px,0px,-1px,0px; padding-top:4px; position:relative; table-layout:fixed; width:100%; z-index:5; }

                .he0_expanded    { background-color:#FEF7D6; border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he1_expanded    { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he1h_expanded   { background-color: #7197B3; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 10px; margin-right: 0px; padding-left: 8px; padding-right: 5em; padding-top: 4px; position: relative; width: 100%; }

                .he1    { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he2    { background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:30px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he3    { background-color:#D9E3EA; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:40px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he4    { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:50px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he4h   { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he4i   { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; position:relative; width:100%; }

                .he5    { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:60px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he5h   { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em; padding-top:4px; margin-bottom:-1px; margin-left:65px; margin-right:0px; position:relative; width:100%; }

                .he5i   { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:65px; margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top: 4px; position:relative; width:100%; }

                DIV .expando { color:#000000; text-decoration:none; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:normal; position:absolute; right:10px; text-decoration:underline; z-index: 0; }

                .he0 .expando { font-size:100%; }

                .info, .info3, .info4, .disalign  { line-height:1.6em; padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; }

                .disalign TD                      { padding-bottom:5px; padding-right:10px; }

                .info TD                          { padding-right:10px; width:50%; }

                .info3 TD                         { padding-right:10px; width:33%; }

                .info4 TD, .info4 TH              { padding-right:10px; width:25%; }

                .info TH, .info3 TH, .info4 TH, .disalign TH { border-bottom:1px solid #CCCCCC; padding-right:10px; }

                .subtable, .subtable3             { border:1px solid #CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; }

                .subtable TD, .subtable3 TD       { padding-left:10px; padding-right:5px; padding-top:3px; padding-bottom:3px; line-height:1.1em; width:10%; }

                .subtable TH, .subtable3 TH       { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em;  }

                .subtable .footnote               { border-top:1px solid #CCCCCC; }

                .subtable3 .footnote, .subtable .footnote { border-top:1px solid #CCCCCC; }

                .subtable_frame     { background:#D9E3EA; border:1px solid #CCCCCC; margin-bottom:10px; margin-left:15px; }

                .subtable_frame TD  { line-height:1.1em; padding-bottom:3px; padding-left:10px; padding-right:15px; padding-top:3px; }

                .subtable_frame TH  { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; }

                .subtableInnerHead { border-bottom:1px solid #CCCCCC; border-top:1px solid #CCCCCC; }

                .explainlink            { color:#000000; text-decoration:none; cursor:hand; }

                .explainlink:hover      { color:#0000FF; text-decoration:underline; }

                .spacer { background:transparent; border:1px solid #BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg; font-size:100%; height:10px; margin-bottom:-1px; margin-left:43px; margin-right:0px; padding-top: 4px; position:relative; }

                .filler { background:transparent; border:none; color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px; margin-bottom:-1px; margin-left:53px; margin-right:0px; padding-top:4px; position:relative; }

                .container { display:block; position:relative; }

                .rsopheader { background-color:#A0BACB; border-bottom:1px solid black; color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-bottom:5px; text-align:center; }

                .rsopname { color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }

                .gponame{ color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }

                .gpotype{ color:#333333; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; padding-left:11px; }

                #uri    { color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; }

                #dtstamp{ color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; text-align:left; width:30%; }

                #objshowhide { color:#000000; cursor:hand; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; margin-right:0px; padding-right:10px; text-align:right; text-decoration:underline; z-index:2; word-wrap:normal; }

                #gposummary { display:block; }

                #gpoinformation { display:block; }

                @media print {

                    #objshowhide{ display:none; }

                    body    { color:#000000; border:1px solid #000000; }

                    .title  { color:#000000; border:1px solid #000000; }

                    .he0_expanded    { color:#000000; border:1px solid #000000; }

                    .he1h_expanded   { color:#000000; border:1px solid #000000; }

                    .he1_expanded    { color:#000000; border:1px solid #000000; }

                    .he1    { color:#000000; border:1px solid #000000; }

                    .he2    { color:#000000; background:#EEEEEE; border:1px solid #000000; }

                    .he3    { color:#000000; border:1px solid #000000; }

                    .he4    { color:#000000; border:1px solid #000000; }

                    .he4h   { color:#000000; border:1px solid #000000; }

                    .he4i   { color:#000000; border:1px solid #000000; }

                    .he5    { color:#000000; border:1px solid #000000; }

                    .he5h   { color:#000000; border:1px solid #000000; }

                    .he5i   { color:#000000; border:1px solid #000000; }

                    }

                    v\:* {behavior:url(#default#VML);}

</style>
<!-- Script 1 -->

<script language="vbscript">
<!--
'================================================================================
' String "strShowHide(0/1)"
' 0 = Hide all mode.
' 1 = Show all mode.
strShowHide = 1

'Localized strings
strShow = "show"
strHide = "hide"
strShowAll = "show all"
strHideAll = "hide all"
strShown = "shown"
strHidden = "hidden"
strExpandoNumPixelsFromEdge = "10px"


Function IsSectionHeader(obj)
    IsSectionHeader = (obj.className = "he0_expanded") Or (obj.className = "he1h_expanded") Or (obj.className = "he1_expanded") Or (obj.className = "he1") Or (obj.className = "he2") Or (obj.className = "he3") Or (obj.className = "he4") Or (obj.className = "he4h") Or (obj.className = "he5") Or (obj.className = "he5h")
End Function


Function IsSectionExpandedByDefault(objHeader)
    IsSectionExpandedByDefault = (Right(objHeader.className, Len("_expanded")) = "_expanded")
End Function


' strState must be show | hide | toggle
Sub SetSectionState(objHeader, strState)
    ' Get the container object for the section.  It's the first one after the header obj.

    i = objHeader.sourceIndex
    Set all = objHeader.parentElement.document.all
    While (all(i).className <> "container")
        i = i + 1
    Wend

    Set objContainer = all(i)

    If strState = "toggle" Then
        If objContainer.style.display = "none" Then
            SetSectionState objHeader, "show"
        Else
            SetSectionState objHeader, "hide"
        End If

    Else
        Set objExpando = objHeader.children.item(1)

        If strState = "show" Then
            objContainer.style.display = "block"
            objExpando.innerText = strHide

        ElseIf strState = "hide" Then
            objContainer.style.display = "none"
            objExpando.innerText = strShow
        End If
    End If
End Sub


Sub ShowSection(objHeader)
    SetSectionState objHeader, "show"
End Sub


Sub HideSection(objHeader)
    SetSectionState objHeader, "hide"
End Sub


Sub ToggleSection(objHeader)
    SetSectionState objHeader, "toggle"
End Sub


'================================================================================
' When user clicks anywhere in the document body, determine if user is clicking
' on a header element.
'================================================================================
Function document_onclick()
    Set strsrc    = window.event.srcElement

    While (strsrc.className = "sectionTitle" Or strsrc.className = "expando" Or strsrc.className = "vmlimage")
        Set strsrc = strsrc.parentElement
    Wend

    ' Only handle clicks on headers.
    If Not IsSectionHeader(strsrc) Then Exit Function

    ToggleSection strsrc

    window.event.returnValue = False
End Function

'================================================================================
' link at the top of the page to collapse/expand all collapsable elements
'================================================================================
Function objshowhide_onClick()
    Set objBody = document.body.all
    Select Case strShowHide
        Case 0
            strShowHide = 1
            objshowhide.innerText = strShowAll
            For Each obji In objBody
                If IsSectionHeader(obji) Then
                    HideSection obji
                End If
            Next
        Case 1
            strShowHide = 0
            objshowhide.innerText = strHideAll
            For Each obji In objBody
                If IsSectionHeader(obji) Then
                    ShowSection obji
                End If
            Next
    End Select
End Function

'================================================================================
' onload collapse all except the first two levels of headers (he0, he1)
'================================================================================
Function window_onload()
    ' Only initialize once.  The UI may reinsert a report into the webbrowser control,
    ' firing onLoad multiple times.
    If UCase(document.documentElement.getAttribute("gpmc_reportInitialized")) <> "TRUE" Then

        ' Set text direction
        Call fDetDir(UCase(document.dir))

        ' Initialize sections to default expanded/collapsed state.
        Set objBody = document.body.all

        For Each obji in objBody
            If IsSectionHeader(obji) Then
                If IsSectionExpandedByDefault(obji) Then
                    ShowSection obji
                Else
                    HideSection obji
                End If
            End If
        Next

        objshowhide.innerText = strShowAll

        document.documentElement.setAttribute "gpmc_reportInitialized", "true"
    End If
End Function

                


'================================================================================
' When direction (LTR/RTL) changes, change adjust for readability
'================================================================================
Function document_onPropertyChange()
    If window.event.propertyName = "dir" Then
        Call fDetDir(UCase(document.dir))
    End If
End Function
Function fDetDir(strDir)
    strDir = UCase(strDir)
    Select Case strDir
        Case "LTR"
            Set colRules = document.styleSheets(0).rules
            For i = 0 To colRules.length -1
                Set nug = colRules.item(i)
                strClass = nug.selectorText
                If nug.style.textAlign = "right" Then
                    nug.style.textAlign = "left"
                End If
                Select Case strClass
                    Case "DIV .expando"
                        nug.style.Left = ""
                        nug.style.right = strExpandoNumPixelsFromEdge
                    Case "#objshowhide"
                        nug.style.textAlign = "right"
                End Select
            Next
        Case "RTL"
            Set colRules = document.styleSheets(0).rules
            For i = 0 To colRules.length -1
                Set nug = colRules.item(i)
                strClass = nug.selectorText
                If nug.style.textAlign = "left" Then
                    nug.style.textAlign = "right"
                End If
                Select Case strClass
                    Case "DIV .expando"
                        nug.style.Left = strExpandoNumPixelsFromEdge
                        nug.style.right = ""
                    Case "#objshowhide"
                        nug.style.textAlign = "left"
                End Select
            Next
    End Select
End Function

'================================================================================
'When printing reports, if a given section is expanded, let's says "shown" (instead of "hide" in the UI).
'================================================================================
Function window_onbeforeprint()
    For Each obji In document.all
        If obji.className = "expando" Then
            If obji.innerText = strHide Then obji.innerText = strShown
            If obji.innerText = strShow Then obji.innerText = strHidden
        End If
    Next
End Function

'================================================================================
'If a section is collapsed, change to "hidden" in the printout (instead of "show").
'================================================================================
Function window_onafterprint()
    For Each obji In document.all
        If obji.className = "expando" Then
            If obji.innerText = strShown Then obji.innerText = strHide
            If obji.innerText = strHidden Then obji.innerText = strShow
        End If
    Next
End Function

'================================================================================
' Adding keypress support for accessibility
'================================================================================
Function document_onKeyPress()
    If window.event.keyCode = "32" Or window.event.keyCode = "13" Or window.event.keyCode = "10" Then 'space bar (32) or carriage return (13) or line feed (10)
        If window.event.srcElement.className = "expando" Then Call document_onclick() : window.event.returnValue = false
        If window.event.srcElement.className = "sectionTitle" Then Call document_onclick() : window.event.returnValue = false
        If window.event.srcElement.id = "objshowhide" Then Call objshowhide_onClick() : window.event.returnValue = false
    End If
End Function
                
-->
</script>
                
<!-- Script 2 -->

<script language="javascript">
<!--
function getExplainWindowTitle()
{
        return document.getElementById("explainText_windowTitle").innerHTML;
}

function getExplainWindowStyles()
{
        return document.getElementById("explainText_windowStyles").innerHTML;
}

function getExplainWindowSettingPathLabel()
{
        return document.getElementById("explainText_settingPathLabel").innerHTML;
}

function getExplainWindowExplainTextLabel()
{
        return document.getElementById("explainText_explainTextLabel").innerHTML;
}

function getExplainWindowPrintButton()
{
        return document.getElementById("explainText_printButton").innerHTML;
}

function getExplainWindowCloseButton()
{
        return document.getElementById("explainText_closeButton").innerHTML;
}

function getNoExplainTextAvailable()
{
        return document.getElementById("explainText_noExplainTextAvailable").innerHTML;
}

function getExplainWindowSupportedLabel()
{
        return document.getElementById("explainText_supportedLabel").innerHTML;
}

function getNoSupportedTextAvailable()
{
        return document.getElementById("explainText_noSupportedTextAvailable").innerHTML;
}

function showExplainText(srcElement)
{
    var strSettingName = srcElement.getAttribute("gpmc_settingName");
    var strSettingPath = srcElement.getAttribute("gpmc_settingPath");
    var strSettingDescription = srcElement.getAttribute("gpmc_settingDescription");

    if (strSettingDescription == "")
    {
                strSettingDescription = getNoExplainTextAvailable();
    }

    var strSupported = srcElement.getAttribute("gpmc_supported");

    if (strSupported == "")
    {
        strSupported = getNoSupportedTextAvailable();
    }

    var strHtml = "<html>\n";
    strHtml += "<head>\n";
    strHtml += "<title>" + getExplainWindowTitle() + "</title>\n";
    strHtml += "<style type='text/css'>\n" + getExplainWindowStyles() + "</style>\n";
    strHtml += "</head>\n";
    strHtml += "<body>\n";
    strHtml += "<div class='head'>" + strSettingName +"</div>\n";
    strHtml += "<div class='path'><b>" + getExplainWindowSettingPathLabel() + "</b><br/>" + strSettingPath +"</div>\n";
    strHtml += "<div class='path'><b>" + getExplainWindowSupportedLabel() + "</b><br/>" + strSupported +"</div>\n";
    strHtml += "<div class='info'>\n";
    strHtml += "<div class='hdr'>" + getExplainWindowExplainTextLabel() + "</div>\n";
    strHtml += "<div class='bdy'>" + strSettingDescription + "</div>\n";
    strHtml += "<div class='btn'>";
    strHtml += getExplainWindowPrintButton();
    strHtml += getExplainWindowCloseButton();
    strHtml += "</div></body></html>";

    var strDiagArgs = "height=360px, width=630px, status=no, toolbar=no, scrollbars=yes, resizable=yes ";
    var expWin = window.open("", "expWin", strDiagArgs);
    expWin.document.write("");
    expWin.document.close();
    expWin.document.write(strHtml);
    expWin.document.close();
    expWin.focus();

    //cancels navigation for IE.
    if(navigator.userAgent.indexOf("MSIE") > 0)
    {
        window.event.returnValue = false;
    }

    return false;
}
-->
</script>
                
</head>

<body>

<!-- HTML resources -->
<div style="display:none;">
        <div id="explainText_windowTitle">Group Policy Management</div>
        <div id="explainText_windowStyles">
        
                            body  { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; }

                            .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; }

                            .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; }

                            .info { padding-left:10px;width:100%; }

                            table { font-size:100%; width:100%; border:1px solid #999999; }

                            th    { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; }

                            td    { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; }

                            .btn  { width:100%; text-align:right; margin-top:16px; }

                            .hdr  { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; }

                            .bdy  { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; }

                            button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; }

                            @media print {

                                .bdy { display:block; overflow:visible; }

                                button { display:none; }

                                .head { color:#000000; background:#FFFFFF; border:1px solid #000000; }

                            }

                
        </div>
        <div id="explainText_settingPathLabel">Setting Path:</div>
        <div id="explainText_explainTextLabel">Explanation</div>
        <div id="explainText_printButton">
        <button name="Print" onClick="window.print()" accesskey="P"><u>P</u>rint</button>

                </div>
        <div id="explainText_closeButton">
        <button name="Close" onClick="window.close()" accesskey="C"><u>C</u>lose</button>
                
        </div>
        <div id="explainText_noExplainTextAvailable">No explanation is available for this setting.</div>
        <div id="explainText_supportedLabel">Supported On:</div>
        <div id="explainText_noSupportedTextAvailable">Not available</div>
</div>
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">Computer Configuration (Enabled)</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1h_expanded"><span class="sectionTitle" tabindex="0">Policies</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1"><span class="sectionTitle" tabindex="0">Administrative Templates</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">Policy definitions (ADMX files) retrieved from the central store.</div><div class="he3"><span class="sectionTitle" tabindex="0">System/Trusted Platform Module Services</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Turn on TPM backup to Active Directory Domain Services" gpmc_settingPath="Computer Configuration/Administrative Templates/System/Trusted Platform Module Services" gpmc_settingDescription="This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of Trusted Platform Module (TPM) owner information. &lt;br/&gt;&lt;br/&gt;TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can only be run by the TPM owner. This hash authorizes the TPM to run these commands. &lt;br/&gt;&lt;br/&gt;If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. &lt;br/&gt;&lt;br/&gt;If you select the option to &amp;quot;Require TPM backup to AD DS&amp;quot;, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds. This option is selected by default to help ensure that TPM owner information is available. Otherwise, AD DS backup is attempted but network or other backup failures do not impact TPM management. Backup is not automatically retried and the TPM owner information may not have been stored in AD DS during BitLocker setup.&lt;br/&gt;&lt;br/&gt;If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS. &lt;br/&gt;&lt;br/&gt;Note: You must first set up appropriate schema extensions and access control settings on the domain before AD DS backup can succeed. Consult online documentation for more information about setting up Active Directory Domain Services for TPM.&lt;br/&gt;&lt;br/&gt;Note: The TPM cannot be used to provide enhanced security features for BitLocker Drive Encryption and other applications without first setting an owner. To take ownership of the TPM with an owner password, run &amp;quot;tpm.msc&amp;quot; and select the action to &amp;quot;Initialize TPM&amp;quot;.&lt;br/&gt;&lt;br/&gt;Note: If the TPM owner information is lost or is not available, limited TPM management is possible by running &amp;quot;tpm.msc&amp;quot; on the local computer." gpmc_supported="At least Windows Vista">Turn on TPM backup to Active Directory Domain Services</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td>Require TPM backup to AD DS</td><td>Enabled</td></tr>
<tr><td colspan="2"></td></tr><tr><td colspan="2">If selected, cannot set or change TPM owner password </td></tr><tr><td colspan="2">if backup fails (recommended default).</td></tr><tr><td colspan="2"></td></tr><tr><td colspan="2">If not selected, can set or change TPM owner password</td></tr><tr><td colspan="2">even if backup fails. Backup is not automatically retried.</td></tr></table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/BitLocker Drive Encryption</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Choose drive encryption method and cipher strength" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption" gpmc_settingDescription="This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available.&lt;br/&gt;        &lt;br/&gt;If you enable this policy setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.&lt;br/&gt;&lt;br/&gt;If you disable or do not configure this policy setting, BitLocker will use the default encryption method of AES 128-bit with Diffuser or the encryption method specified by the setup script.&lt;br/&gt;&lt;br/&gt;      " gpmc_supported="At least Windows Vista">Choose drive encryption method and cipher strength</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td>Select the encryption method:</td><td>AES 128-bit with Diffuser (default)</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption" gpmc_settingDescription="This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard can display and specify BitLocker recovery options. This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker.&lt;br/&gt;&lt;br/&gt;Two recovery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. The user either can type a 48-digit numerical recovery password or insert a USB flash drive containing a 256-bit recovery key.&lt;br/&gt;&lt;br/&gt;If you enable this policy setting, you can configure the options that the setup wizard displays to users for recovering BitLocker encrypted data. Saving to a USB flash drive will store the 48-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving to a folder will store the 48-digit recovery password as a text file. Printing will send the 48-digit recovery password to the default printer. For example, not allowing the 48-digit recovery password will prevent users from being able to print or save recovery information to a folder.&lt;br/&gt;&lt;br/&gt;If you disable or do not configure this policy setting, the BitLocker setup wizard will present users with ways to store recovery options.&lt;br/&gt;&lt;br/&gt;Note: If Trusted Platform Module (TPM) initialization is needed during the BitLocker setup, TPM owner information will be saved or printed with the BitLocker recovery information.&lt;br/&gt;&lt;br/&gt;Note: The 48-digit recovery password will not be available in FIPS-compliance mode.&lt;br/&gt;&lt;br/&gt;Important: This policy setting provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to lack of key information. If you do not allow both user recovery options you must enable the &amp;quot;Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)&amp;quot; policy setting to prevent a policy error.&lt;br/&gt;&lt;br/&gt;      " gpmc_supported="Windows Vista and Windows Server 2008">Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td colspan="2">Important: To prevent data loss, you must have a way to recover BitLocker encryption keys. If you do not allow both recovery options below, you must enable backup of BitLocker recovery information to AD DS. Otherwise, a policy error occurs.</td></tr><tr><td>Configure 48-digit recovery password:</td><td>Do not allow recovery password</td></tr>
<tr><td>Configure 256-bit recovery key:</td><td>Do not allow recovery key</td></tr>
<tr><td colspan="2">Note: If you do not allow the recovery password and require the recovery key, users cannot enable BitLocker without saving to USB.</td></tr><tr><td colspan="2"></td></tr></table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Prevent memory overwrite on restart" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption" gpmc_settingDescription="This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.&lt;br/&gt;&lt;br/&gt;If you enable this policy setting, memory will not be overwritten when the computer restarts. Preventing memory overwrite may improve restart performance but will increase the risk of exposing BitLocker secrets.&lt;br/&gt;&lt;br/&gt;If you disable or do not configure this policy setting, BitLocker secrets are removed from memory when the computer restarts.&lt;br/&gt;&lt;br/&gt;      " gpmc_supported="At least Windows Vista">Prevent memory overwrite on restart</a></td><td>Disabled</td><td></td></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Store BitLocker recovery information in Active Directory Domain Services(Windows Server 2008 and Windows Vista)" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption" gpmc_settingDescription="This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of BitLocker Drive Encryption recovery information. This provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to lack of key information. This policy is only applicable to computers running Windows Server 2008 or Windows Vista.&lt;br/&gt;&lt;br/&gt;If you enable this policy setting, BitLocker recovery information will be automatically and silently backed up to AD DS when BitLocker is turned on for a computer. This policy setting is applied when you turn on BitLocker.&lt;br/&gt;&lt;br/&gt;Note: You must first set up appropriate schema extensions and access control settings on the domain before AD DS backup can succeed. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about setting up AD DS backup for BitLocker.&lt;br/&gt;&lt;br/&gt;BitLocker recovery information includes the recovery password and some unique identifier data. You can also include a package that contains a BitLocker-protected drive's encryption key. This key package is secured by one or more recovery passwords and may help perform specialized recovery when the disk is damaged or corrupted.&lt;br/&gt;&lt;br/&gt;If you select the option to &amp;quot;Require BitLocker backup to AD DS&amp;quot; BitLocker cannot be turned on unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This option is selected by default to help ensure that BitLocker recovery is possible. If this option is not selected, AD DS backup is attempted but network or other backup failures do not prevent BitLocker setup. Backup is not automatically retried and the recovery password may not have been stored in AD DS during BitLocker setup.&lt;br/&gt;&lt;br/&gt;If you disable or do not configure this policy setting, BitLocker recovery information will not be backed up to AD DS.&lt;br/&gt;&lt;br/&gt;Note: Trusted Platform Module (TPM) initialization may be needed during BitLocker setup. Enable the &amp;quot;Turn on TPM backup to Active Directory Domain Services&amp;quot; policy setting in System\Trusted Platform Module Services to ensure that TPM information is also backed up.&lt;br/&gt;" gpmc_supported="Windows Vista and Windows Server 2008">Store BitLocker recovery information in Active Directory Domain Services(Windows Server 2008 and Windows Vista)</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td>Require BitLocker backup to AD DS</td><td>Enabled</td></tr>
<tr><td colspan="2">If selected, cannot turn on BitLocker if backup fails (recommended default). </td></tr><tr><td colspan="2">If not selected, can turn on BitLocker even if backup fails. Backup is not automatically retried.</td></tr><tr><td>Select BitLocker recovery information to store:</td><td>Recovery passwords and key packages</td></tr>
<tr><td colspan="2"></td></tr><tr><td colspan="2">A recovery password is a 48-digit number that unlocks access to a BitLocker-protected drive.</td></tr><tr><td colspan="2">A key package contains a drive's BitLocker encryption key secured by one or more recovery passwords</td></tr><tr><td colspan="2">Key packages may help perform specialized recovery when the disk is damaged or corrupted. </td></tr></table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/BitLocker Drive Encryption/Fixed Data Drives</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Fixed Data Drives" gpmc_settingDescription="This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.&lt;br/&gt;&lt;br/&gt;If this policy setting is enabled or not configured, fixed data drives formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives.&lt;br/&gt;&lt;br/&gt;When this policy setting is enabled, select the &amp;quot;Do not install BitLocker To Go Reader on FAT formatted fixed drives&amp;quot; check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the &amp;quot;Provide unique identifiers for your organization&amp;quot; policy setting, the user will be prompted to update BitLocker and BitLocker To Go Reader will be deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable users to unlock the drive on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader installed.&lt;br/&gt;&lt;br/&gt;If this policy setting is disabled, fixed data drives formatted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. Bitlockertogo.exe will not be installed.&lt;br/&gt;&lt;br/&gt;Note: This policy setting does not apply to drives that are formatted with the NTFS file system.&lt;br/&gt;&lt;br/&gt;      " gpmc_supported="Windows 7 family">Allow access to BitLocker-protected fixed data drives from earlier versions of Windows</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td>Do not install BitLocker To Go Reader on FAT formatted fixed drives</td><td>Disabled</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Choose how BitLocker-protected fixed drives can be recovered" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Fixed Data Drives" gpmc_settingDescription="This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker.&lt;br/&gt;&lt;br/&gt;The &amp;quot;Allow data recovery agent&amp;quot; check box is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.&lt;br/&gt;&lt;br/&gt;In &amp;quot;Configure user storage of BitLocker recovery information&amp;quot; select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.&lt;br/&gt;&lt;br/&gt;Select &amp;quot;Omit recovery options from the BitLocker setup wizard&amp;quot; to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you enable BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.&lt;br/&gt;&lt;br/&gt;In &amp;quot;Save BitLocker recovery information to Active Directory Doman Services&amp;quot; choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select &amp;quot;Backup recovery password and key package&amp;quot;, both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select &amp;quot;Backup recovery password only,&amp;quot; only the recovery password is stored in AD DS.&lt;br/&gt;&lt;br/&gt;Select the &amp;quot;Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives&amp;quot; check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.&lt;br/&gt;&lt;br/&gt;Note: If the &amp;quot;Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives&amp;quot; check box is selected, a recovery password is automatically generated.&lt;br/&gt;&lt;br/&gt;If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.&lt;br/&gt;&lt;br/&gt;If this policy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS&lt;br/&gt;&lt;br/&gt;" gpmc_supported="Windows 7 family">Choose how BitLocker-protected fixed drives can be recovered</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td>Allow data recovery agent</td><td>Disabled</td></tr>
<tr><td colspan="2">Configure user storage of BitLocker recovery information:</td></tr><tr><td></td><td>Allow 48-digit recovery password</td></tr>
<tr><td></td><td>Allow 256-bit recovery key</td></tr>
<tr><td>Omit recovery options from the BitLocker setup wizard</td><td>Enabled</td></tr>
<tr><td>Save BitLocker recovery information to AD DS for fixed data drives</td><td>Enabled</td></tr>
<tr><td>Configure storage of BitLocker recovery information to AD DS:</td><td>Backup recovery passwords and key packages</td></tr>
<tr><td>Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives</td><td>Enabled</td></tr>
</table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/BitLocker Drive Encryption/Operating System Drives</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Choose how BitLocker-protected operating system drives can be recovered" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives" gpmc_settingDescription="This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker.&lt;br/&gt;&lt;br/&gt;The &amp;quot;Allow certificate-based data recovery agent&amp;quot; check box is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.&lt;br/&gt;&lt;br/&gt;In &amp;quot;Configure user storage of BitLocker recovery information&amp;quot; select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.&lt;br/&gt;&lt;br/&gt;Select &amp;quot;Omit recovery options from the BitLocker setup wizard&amp;quot; to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you enable BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.&lt;br/&gt;&lt;br/&gt;In &amp;quot;Save BitLocker recovery information to Active Directory Domain Services&amp;quot;, choose which BitLocker recovery information to store in AD DS for operating system drives. If you select &amp;quot;Backup recovery password and key package&amp;quot;, both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select &amp;quot;Backup recovery password only,&amp;quot; only the recovery password is stored in AD DS.&lt;br/&gt;&lt;br/&gt;Select the &amp;quot;Do not enable BitLocker until recovery information is stored in AD DS for operating system drives&amp;quot; check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.&lt;br/&gt;&lt;br/&gt;Note: If the &amp;quot;Do not enable BitLocker until recovery information is stored in AD DS for operating system drives&amp;quot; check box is selected, a recovery password is automatically generated.&lt;br/&gt;&lt;br/&gt;If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.&lt;br/&gt;&lt;br/&gt;If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.&lt;br/&gt;&lt;br/&gt;" gpmc_supported="Windows 7 family">Choose how BitLocker-protected operating system drives can be recovered</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td>Allow data recovery agent</td><td>Disabled</td></tr>
<tr><td colspan="2">Configure user storage of BitLocker recovery information:</td></tr><tr><td></td><td>Allow 48-digit recovery password</td></tr>
<tr><td></td><td>Allow 256-bit recovery key</td></tr>
<tr><td>Omit recovery options from the BitLocker setup wizard</td><td>Enabled</td></tr>
<tr><td>Save BitLocker recovery information to AD DS for operating system drives</td><td>Enabled</td></tr>
<tr><td>Configure storage of BitLocker recovery information to AD DS:</td><td>Store recovery passwords and key packages</td></tr>
<tr><td>Do not enable BitLocker until recovery information is stored to AD DS for operating system drives</td><td>Enabled</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><a class="explainlink" href="javascript:void();" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Require additional authentication at startup" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives" gpmc_settingDescription="This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.&lt;br/&gt;&lt;br/&gt;Note: Only one of the additional authentication options can be required at startup, otherwise a policy error occurs.&lt;br/&gt;&lt;br/&gt;If you want to use BitLocker on a computer without a TPM, select the &amp;quot;Allow BitLocker without a compatible TPM&amp;quot; check box. In this mode a USB drive is required for start-up and the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable you will need to use one of the BitLocker recovery options to access the drive.&lt;br/&gt;&lt;br/&gt;On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 4-digit to 20-digit personal identification number (PIN), or both.&lt;br/&gt;&lt;br/&gt;If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.&lt;br/&gt;&lt;br/&gt;If you disable or do not configure this policy setting, users can configure only basic options on computers with a TPM.&lt;br/&gt;&lt;br/&gt;Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.&lt;br/&gt;&lt;br/&gt;" gpmc_supported="Windows 7 family">Require additional authentication at startup</a></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td>Allow BitLocker without a compatible TPM</td><td>Enabled</td></tr>
<tr><td colspan="2">(requires a startup key on a USB flash drive)</td></tr><tr><td colspan="2">Settings for computers with a TPM:</td></tr><tr><td>Configure TPM startup:</td><td>Allow TPM</td></tr>
<tr><td>Configure TPM startup PIN:</td><td>Do not allow startup PIN with TPM</td></tr>
<tr><td>Configure TPM startup key:</td><td>Do not allow startup key with TPM</td></tr>
<tr><td>Configure TPM startup key and PIN:</td><td>Do not allow startup key and PIN with TPM</td></tr>
<tr><td colspan="2"></td></tr></table></td></tr></table>
</div></div></div></div></div>
</body></html>