Windows 10: Bitlocker with TPM

Discussion in 'AntiVirus, Firewalls and System Security' started by tamo, Jun 9, 2017.

  1. tamo Win User

    Bitlocker with TPM


    Hi, I'm not sure if this is the right place to post this.

    Anyway, my query is about encryption on Win10 Pro.

    Previously I had a laptop with no TPM so I had to use the group policy editor to allow encryption to work. Fine, all was working and I had to type a password to unlock BitLocker when my laptop came out of hibernation or rebooted.

    I now have a laptop with a TPM, which seems much easier and apparently more secure, but here's what's bothering me: I do not need to type a password on startup or coming out of hibernation to unlock the drive, so just say someone stole my laptop. They would be able to get into the OS and files even though it's encrypted. I do have a PIN to sign in to Windows, but just say I only wanted to use a local account with no PIN or password: how useful is having my laptop encrypted?
    What then is the main reason for using encryption?

    Sorry if I've confused anyone or my explanation isn't so clear.

    :)
     
    tamo, Jun 9, 2017
    #1
  2. Mr_Cohen Win User

    BitLocker On TPM ver 2.0

    Hey all.

    I hope that I'm asking this in the right area of this forum.

    I have a Dell Latitude 5480 with Win10 Pro on it.

    After enabling BitLocker, BitLocker asks for a recovery key on every reboot.

    I've found that BitLocker cannot work properly with TPM ver 2.0 (Dell Latitude 5480 comes with TPM version 2.0).

    After downgrading TPM from ver 2.0 to ver 1.2, BitLocker works smoothly.

    Any solution for BitLocker on TPM ver 2.0?

    Thanks in advance.
     
    Mr_Cohen, Jun 9, 2017
    #2
  3. Bitlocker with TPM installed

    Hi! I was able to encrypt my system drive with BitLocker with TPM.

    Now I'm trying to use BitLocker on my other data drives but BitLocker can't use TPM.

    Any help?
     
    HenriMattila, Jun 9, 2017
    #3
  4. dencal Win User

    Bitlocker with TPM

    With your need for encryption why on earth would you even consider leaving open your local account without a pin or password?
    It defeats the object of securing your computer.....locking the front door but leaving the back door open.
     
    dencal, Jun 9, 2017
    #4
  5. tamo Win User
    That's the answer I deserved with a post like that. I always use a password or PIN to log in to Windows. I just liked it better when I had to also use a password to unlock the drive. I have nothing even so sensitive to warrant encryption; I use it because I can.
     
    tamo, Jun 9, 2017
    #5
  6. dencal Win User
    It takes a special kind of person to reply as you have, and a wise one at that....regards .
     
    dencal, Jun 9, 2017
    #6
  7. TAMO,
    you are NOT wrong in what you want to do. TPM is SUPPOSED to protect this stuff. BUT, I have a Samsung TabPro S (Windows), and have even written to the Samsung PRESIDENT in S. Korea, and no reply. They institute this stuff, and then never have details about it.

    You ARE correct that RELYING solely on the TPM is problematic. BUT, you COULD edit the group policy for BitLocker and allow a PIN; you then get protection of "TPM plus PIN", which requires that PIN for ANY Windows boot-up, including hibernation (I have my notebooks set up for TPM plus PIN). You THEN could leave the actual Windows user as not requiring a password (first, test to verify).

    HOWEVER (and again, I may post a more detailed thread on this question), your machine may have an actual BIOS ADMINISTRATOR PASSWORD. From my understanding from SOME threads (although still not clear), this BIOS ADMINISTRATOR PASSWORD is controlled by TPM also.

    In my scenario (I am not totally comfortable with it yet), I start the tablet (the Samsung), and the ON-screen keyboard comes up, and I can enter the BIOS ADMINISTRATOR PASSWORD. If this is NOT entered correctly, it shuts down. IF it IS entered correctly, then boot-up continues, BitLocker unlocks (its key is stored with the TPM), and it boots up to my username/password for Windows.
    I DID WANT to have "BitLocker PLUS PIN", but the problem with the Samsung is that the on-screen keyboard does NOT work for BitLocker, it only works for the BIOS ADMINISTRATOR PASSWORD. REPEATED requests to Samsung have been fruitless for an answer about the on-screen keyboard.

    In the above scenario, if someone STOLE the computer, let's assume they can't break the BIOS ADMINISTRATOR PASSWORD. If they got to the BIOS, and somehow CLEARED the TPM, then the BitLocker key gets wiped out, and BitLocker would need entry of the 46-character actual recovery key.

    Anyway, for your situation, explore the BIOS ADMINISTRATOR PASSWORD, and the GPEDIT.msc (group policy) to allow Bitlocker to have a PIN.

    hope this helps
     
    astormyday, Apr 5, 2018
    #7
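Added example, not part of any post in this thread: a PowerShell check of whether the OS volume is TPM-only or "TPM plus PIN" as described in post #7, which adds a TPM+PIN protector when group policy permits it. It assumes an elevated session and that the OS volume is `C:`; the registry values read are the ones written by the "Require additional authentication at startup" policy for operating system drives.

```powershell
# Added example: audit how the OS volume unlocks at boot. Run elevated.
# Assumption: the OS volume is C: and BitLocker is already turned on.
$mount = 'C:'

function Get-ProtectorTypes {
    # Names of the key protectors currently on the volume, e.g. Tpm, TpmPin, RecoveryPassword.
    (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        ForEach-Object { $_.KeyProtectorType.ToString() }
}

$types = Get-ProtectorTypes
"Protection status : $((Get-BitLockerVolume -MountPoint $mount).ProtectionStatus)"
"Key protectors    : $($types -join ', ')"

# Policy values: 0 = do not allow, 1 = require, 2 = allow.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$advanced  = if ($fve -and $null -ne $fve.UseAdvancedStartup) { $fve.UseAdvancedStartup } else { 'not configured' }
$pinPolicy = if ($fve -and $null -ne $fve.UseTPMPIN) { $fve.UseTPMPIN } else { 'not configured' }
"UseAdvancedStartup: $advanced"
"UseTPMPIN         : $pinPolicy"

if ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
    'Boot already requires a PIN in addition to the TPM.'
}
elseif ($types -contains 'Tpm') {
    'TPM-only: the volume unlocks at boot with no user input, so the Windows sign-in is the only barrier.'

    if ($types -notcontains 'RecoveryPassword') {
        'No recovery password protector found; add and back one up before changing protectors.'
    }
    elseif ($advanced -eq 1 -and $pinPolicy -in 1, 2) {
        # Policy permits a startup PIN, so a TPM+PIN protector can be added.
        $pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN'
        Add-BitLockerKeyProtector -MountPoint $mount -Pin $pin -TpmAndPinProtector | Out-Null
        "Key protectors now: $((Get-ProtectorTypes) -join ', ')"
    }
    else {
        'Policy does not allow a startup PIN; enable it in gpedit.msc first.'
    }
}
else {
    'No TPM-based protector on this volume.'
}
```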