Windows 10: Bitlocker/TPM USB key/password question

Discus and support Bitlocker/TPM USB key/password question in Windows 10 Ask Insider to solve the problem; [ATTACH] Hi! Just a question about Bitlocker/Trusted Platform Module (TPM). Because my PC doesn't have a TPM chip built in, everyone is saying I... Discussion in 'Windows 10 Ask Insider' started by /u/okstef, Nov 29, 2020.

  1. /u/okstef Win User

    Bitlocker/TPM USB key/password question


    Bitlocker/TPM USB key/password question ltrR_Rj1B18b1Jo4J9PybdmRzCyURyIUQqBSk43ablM.jpg

    Hi!

    Just a question about Bitlocker/Trusted Platform Module (TPM).

    Because my PC doesn't have a TPM chip built in, everyone is saying I need a security password and a USB to store the authentication key. But, as pictured, my PC says "and/or."

    Do I need the USB or can I try with a password alone?

    I'm starting a new job tomorrow which requires me to encrypt my PC, and I didn't foresee this issue happening at 11pm. Please help. :-( Hoping you'll say I don't need the USB.



    https://preview.redd.it/syp2v1a3xa2...bp&s=9ba0326f0555e6b37b64d8f5b8c85ba0d7684d6e

    submitted by /u/okstef
    [link] [comments]

    :)
     
    /u/okstef, Nov 29, 2020
    #1
  2. Brink Win User

    Bitlocker Questions

    Did you uncheck "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)" in step 4?

    Using "allow" is fine. You will specify using a PIN to unlock BitLocker at step 10.

    It doesn't matter about your account password.
     
    Brink, Nov 29, 2020
    #2
  3. Bitlocker, TPM, BIOS PASSWORD, help on interaction of these


    Tech help requested
    Bitlocker, TPM, AMI Bios and TPM, SAmsung TabPro S (windows) computer tablet

    Tech requests to AMI bios and to samsung, for clarification of these items, has been USELESS.

    I have the tablet, with Bitlocker enabled. I do NOT have a PIN enabled for bitlocker, because the ON-SCREEN keyboard does NOT activate, for bitlocker PIN entry. (Bitlocker key is apparently controlled by TPM).

    I have BIOS ADMINISTRATOR PASSWORD enabled, which gets requested at MACHINE STARTUP, and DOES use the on-screen keyboard.
    From what I ahve read, this ALSO is stored with TPM.

    QUESTION
    DOES TPM control the BIOS ADMISTRATOR PASSWORD, such that ERASING the TPM would erase the REQUIREMENT for this password, but also erase the stored BITLOCKER key such that anyone who got the hard drive, etc, would then have to enter the 40+ character recovery key to access that bitlocked partition?

    QUESTION
    TPM (ver. 1.2) - does repeated incorrect entry of the BIOS ADMINISTRATOR PASSWORD cause the TPM to go into lockout mode, such as it does if the BITLOCKER PIN (when enabled) is entered incorrectly?

    I am trying to clarify how TPM (ver. 1.2) works, how it protects the machine, and how it handles bitlocker.

    I would LOVE to have an additional PIN for this tablet, for bitlocker, but samsung will not answer whether the on-screen keyboard can be enabled to enter this.

    any help, or escalation of this, is appreciated.
    thakns
     
    astormyday, Nov 29, 2020
    #3
  4. Yan.S Win User

    Bitlocker/TPM USB key/password question

    Bitlocker without TPM

    Hi there,

    I'm trying to use Bitlocker without TPM

    My version is Windows 10 Home, and I try to follow -

    To turn on BitLocker Drive Encryption on a computer without a compatible TPM



    1. Click Start, type gpedit.mscin the Start Search box, and then press ENTER.
    2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. In the Local Group Policy Editor console tree, click Local Computer Policy, click Administrative Templates, click Windows Components, and then clickBitLocker Drive Encryption.
    4. Double-click the setting Control Panel Setup: Enable Advanced Startup Options.
    5. Select the Enabled option, select the Allow BitLocker without a compatible TPM check box, and then click OK.
    You have changed the policy setting so that you can use a startup key instead of a TPM.

    1. Close the Local Group Policy Editor.
    2. To force Group Policy to apply immediately, you can click Start, typegpupdate.exe /forcein the Start Search box, and then press ENTER.
    3. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
    4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    5. On the BitLocker Drive Encryption page, click Turn On BitLocker. This will only appear with the operating system volume.
    6. On the Set BitLocker Startup Preferences page, select the Require Startup USB Key at every startup option. This is the only option available for non-TPM configurations. This key must be inserted each time before you start
      the computer.
    7. Insert your USB flash drive in the computer, if it is not already there.
    8. On the Save your Startup Key page, choose the location of your USB flash drive, and then click Save.
    9. On the Save the recovery password page, you will see the following options:
    · Save the password on a USB drive. Saves the password to a USB flash drive.

    · Save the password in a folder. Saves the password to a folder on a network drive or other location.

    · Print the password. Prints the password

    While I have a problem on step 4.

    Double-click the setting Control Panel Setup: Enable Advanced Startup Options.

    I can find "BitLocker Drive Encryption" on my group policy editor, while I cannot find
    Control Panel Setup: Enable Advanced Startup Options anywhere.

    Thank you for your help.

    Best Regards,

    Yan
     
    Yan.S, Nov 29, 2020
    #4
Thema:

Bitlocker/TPM USB key/password question

Loading...
  1. Bitlocker/TPM USB key/password question - Similar Threads - Bitlocker TPM USB

  2. BitLocker Key Question

    in Windows 10 Gaming
    BitLocker Key Question: I saved bitlocker key to MS account, then from that same window I saved to a FD. The key at my account reads different from the key on the FD. How do I know which one is correct? Should I have saved the MS account key to a Word or Notepad then placed the doc on the FD? Have I...
  3. BitLocker Key Question

    in Windows 10 Software and Apps
    BitLocker Key Question: I saved bitlocker key to MS account, then from that same window I saved to a FD. The key at my account reads different from the key on the FD. How do I know which one is correct? Should I have saved the MS account key to a Word or Notepad then placed the doc on the FD? Have I...
  4. Bitlocker with TPM, password, usbkey or yubikey

    in AntiVirus, Firewalls and System Security
    Bitlocker with TPM, password, usbkey or yubikey: Hi, Which would be more secure? BitLocker with TPM, password, and usb-key or yubikey? I believe I know how to configure the 3-factor combo in Windows 10 pro, but not the yubikey. Thank-You! 182280
  5. TPM or NO TPM That is the Question

    in AntiVirus, Firewalls and System Security
    TPM or NO TPM That is the Question: I have an Asus ROG Maximus Hero X WI-FI-AC and, even though this is built for gaming I use it for everyday work. I have two Two Samsung SSD's, the 970 Pro M.2 which is C drive and the 860 Evo is is D drive. I have done a lot of reading about the TPM that goes to this board...
  6. Bitlocker with TPM

    in AntiVirus, Firewalls and System Security
    Bitlocker with TPM: Hi , I,m not sure if this is the right place to post this . Anyway , My query is about encryption on win10 pro . Previously I had a laptop with no TPM so I had to us the group policy editor to allow encryption to work , fine ,all was working and I had to type a password...
  7. Bitlocker...TPM + PIN vs Password?

    in AntiVirus, Firewalls and System Security
    Bitlocker...TPM + PIN vs Password?: I have seen this question asked elsewhere several times, but with different answers...so I just want to make sure my understanding of BitLocker is correct. In the past, I had used BitLocker on several computers that did Not have a TPM...therefore I had to use a strong...
  8. BitLocker not requiring password at boot. (Without TPM)

    in AntiVirus, Firewalls and System Security
    BitLocker not requiring password at boot. (Without TPM): I've recently installed bitlocker on my computer. Although windows says my C: drive is encrypted; I am not asked for my decryption password when i boot the computer. I get put straight into the login screen. I've done the necessary steps to enable bitlocker without TPM but...
  9. Bitlocker, TPM, BIOS PASSWORD, help on interaction of these

    in AntiVirus, Firewalls and System Security
    Bitlocker, TPM, BIOS PASSWORD, help on interaction of these: Tech help requested Bitlocker, TPM, AMI Bios and TPM, SAmsung TabPro S (windows) computer tablet Tech requests to AMI bios and to samsung, for clarification of these items, has been USELESS. I have the tablet, with Bitlocker enabled. I do NOT have a PIN enabled for...
  10. Bitlocker with TPM and Offline Password Editor

    in AntiVirus, Firewalls and System Security
    Bitlocker with TPM and Offline Password Editor: Hi, If I enable Bitlocker with TPM (i.e. no passcode required on boot-up), and I have the Local Administrator account enabled on the machine (with my normal user account as a standard account), would it be possible for someone with a Hirens Boot CD blank/reset the Local...