Windows 10: BitLocker TPM Group Policy difference between Allow and Require

Discussion in 'AntiVirus, Firewalls and System Security' started by 3lectr0, Aug 31, 2019.

  1. 3lectr0 Win User

    BitLocker TPM Group Policy difference between Allow and Require


    Hello,


    could somebody please explain the differences between "Allow" and "Require" for EACH of these BitLocker Group Policy options:

    1. Configure TPM startup: "Allow TPM" vs "Require TPM"
    2. Configure TPM startup PIN: "Allow startup PIN with TPM" vs "Require startup PIN with TPM"
    3. Configure TPM startup key: "Allow startup key with TPM" vs "Require startup key with TPM"
    4. Configure TPM startup key and PIN: "Allow startup key and PIN with TPM" vs "Require startup key and PIN with TPM"


    Help is very appreciated!

    :)
     
    3lectr0, Aug 31, 2019
    #1
  2. Yan.S Win User

    Bitlocker without TPM

    Hi there,

    I'm trying to use Bitlocker without TPM

    My version is Windows 10 Home, and I try to follow -

    To turn on BitLocker Drive Encryption on a computer without a compatible TPM



    1. Click Start, type gpedit.msc in the Start Search box, and then press ENTER.
    2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. In the Local Group Policy Editor console tree, click Local Computer Policy, click Administrative Templates, click Windows Components, and then click BitLocker Drive Encryption.
    4. Double-click the setting Control Panel Setup: Enable Advanced Startup Options.
    5. Select the Enabled option, select the Allow BitLocker without a compatible TPM check box, and then click OK.
    You have changed the policy setting so that you can use a startup key instead of a TPM.

    1. Close the Local Group Policy Editor.
    2. To force Group Policy to apply immediately, you can click Start, type gpupdate.exe /force in the Start Search box, and then press ENTER.
    3. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
    4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    5. On the BitLocker Drive Encryption page, click Turn On BitLocker. This will only appear with the operating system volume.
    6. On the Set BitLocker Startup Preferences page, select the Require Startup USB Key at every startup option. This is the only option available for non-TPM configurations. This key must be inserted each time before you start the computer.
    7. Insert your USB flash drive in the computer, if it is not already there.
    8. On the Save your Startup Key page, choose the location of your USB flash drive, and then click Save.
    9. On the Save the recovery password page, you will see the following options:
    · Save the password on a USB drive. Saves the password to a USB flash drive.

    · Save the password in a folder. Saves the password to a folder on a network drive or other location.

    · Print the password. Prints the password.

    While I have a problem on step 4.

    Double-click the setting Control Panel Setup: Enable Advanced Startup Options.

    I can find "BitLocker Drive Encryption" on my group policy editor, while I cannot find
    Control Panel Setup: Enable Advanced Startup Options anywhere.

    Thank you for your help.

    Best Regards,

    Yan
     
    Yan.S, Aug 31, 2019
    #2
  3. warren982 Win User
    How to set up BitLocker on a pc without TPM

    I found the following instructions and they work:

    "Thank you for being a part of Windows 10 Technical Preview testing.

    You can use BitLocker in Windows 10 without TPM. I would suggest you to try the following steps.

    How to Configure Computer to Enable BitLocker without Compatible TPM:

    Administrators must follow the steps below to configure their Windows 8 computers to allow enabling BitLocker Drive Encryption without compatible TPM:

    a. Log on to Windows 10 computer with the account that has administrative privileges.

    b. Assuming that the computer has been configured to display classic start menu, click Start and at the bottom of the menu in search box type GPEDIT.MSC command and press enter key.

    c. On the opened Local Group Policy Editor snap-in from the left pane expand Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption and from the expanded list click to select Operating System Devices.

    d. From the right pane double-click “Require additional authentication at startup”.

    e. On the opened box click to select Enabled radio button and ensure that under Options section Allow BitLocker without a compatible TPM checkbox is checked.

    f. Once done, click Ok button to allow the changes to take effect and close Local Group Policy Editor snap-in."

    I never could have set up Bitlocker without this.
     
    warren982, Aug 31, 2019
    #3
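To read back what the steps in the post above actually configured, and how the four options from the first post are set, the policy values can be inspected directly. This is an added example, not code from the thread: the function name `Get-StartupPolicyReport` is hypothetical, and the registry key, value names and the 0/1/2 mapping are assumptions based on the BitLocker policy template (VolumeEncryption.admx).

```powershell
# Added example, not from the thread. Value names and the 0/1/2 mapping are
# assumptions based on the BitLocker policy template (VolumeEncryption.admx).
$FvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$Meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }
$TpmOptions = [ordered]@{
    UseTPM       = 'Configure TPM startup'
    UseTPMPIN    = 'Configure TPM startup PIN'
    UseTPMKey    = 'Configure TPM startup key'
    UseTPMKeyPIN = 'Configure TPM startup key and PIN'
}

function Get-StartupPolicyReport {
    param([hashtable]$Values)  # value name -> DWORD from the FVE policy key
    if ($Values['UseAdvancedStartup'] -ne 1) {
        return '"Require additional authentication at startup" is not enabled.'
    }
    $required = @()
    foreach ($name in $TpmOptions.Keys) {
        $raw = $Values[$name]
        if ($null -eq $raw) { $text = 'not set' }
        elseif ($Meaning.ContainsKey([int]$raw)) { $text = $Meaning[[int]$raw] }
        else { $text = "unknown value $raw" }
        '{0}: {1}' -f $TpmOptions[$name], $text
        if ($raw -eq 1) { $required += $name }
    }
    if ($Values['EnableBDEWithNoTPM'] -eq 1) {
        'NOTE: BitLocker without a compatible TPM is allowed.'
    }
    if ($required.Count -gt 1) {  # the policy permits only one required option
        'CONFLICT: more than one option is set to Require: ' + ($required -join ', ')
    }
}

# Constructed samples: every option at Allow with no-TPM enabled, then a conflict.
$samples = @(
    @{ UseAdvancedStartup = 1; EnableBDEWithNoTPM = 1; UseTPM = 2; UseTPMPIN = 2; UseTPMKey = 2; UseTPMKeyPIN = 2 },
    @{ UseAdvancedStartup = 1; EnableBDEWithNoTPM = 0; UseTPM = 1; UseTPMPIN = 1; UseTPMKey = 0; UseTPMKeyPIN = 0 }
)
foreach ($s in $samples) { Get-StartupPolicyReport -Values $s; '' }

# Live, read-only check of the local machine's policy key, if it exists.
if (Test-Path $FvePath) {
    $live = @{}
    (Get-ItemProperty -Path $FvePath).PSObject.Properties | ForEach-Object { $live[$_.Name] = $_.Value }
    Get-StartupPolicyReport -Values $live
}
```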
  4. BitLocker TPM Group Policy difference between Allow and Require

    group policy query

    Hi

    Group Policy and Bitlocker encryption is not included in the Home versions of Windows.

    Additional requirements to use certain features:

    How to Check Windows 10 Computer System Specs & Requirements - Microsoft

    • BitLocker To Go requires a USB flash drive (Windows 10 Pro only).
    • BitLocker requires either Trusted Platform Module (TPM) 1.2, TPM 2.0 or a USB flash drive
      (Windows 10 Pro and Windows 10 Enterprise only).

    Download the Edition Comparisons (.PDF):

    http://download.microsoft.com/downl...-DE018B0CD3E5/Windows 10 Compare Editions.pdf

    Regards
     
    Ronnie Vernon, Aug 31, 2019
    #4