Windows 10: extend bitlocker protection with pin, usb pen drive, or TPM

Discus and support extend bitlocker protection with pin, usb pen drive, or TPM in AntiVirus, Firewalls and System Security to solve the problem; Hi, I was reading elsewhere, and not covered by this guide, that I could extend bitlocker protection with a pin and even an usb pen drive in addition... Discussion in 'AntiVirus, Firewalls and System Security' started by windoc, Apr 12, 2020.

  1. windoc Win User

    extend bitlocker protection with pin, usb pen drive, or TPM


    Hi, I was reading elsewhere, and not covered by this guide, that I could extend bitlocker protection with a pin and even an usb pen drive in addition to the key stored in the tpm. Is there a simple step by the step guide that shows you how to do this correctly? I was briefly looking at different options in the local group policy editor and I found some relevant option, however, I don't want to try to turn it on without having some guidance. Thank-you.

    :)
     
    windoc, Apr 12, 2020
    #1

  2. BitLocker with TPM mode protection only?


    I have a laptop which is a Dell E6440 and was just wondering if it vulnerable to these DMA attacks through Thunderbolt and Firewire methods.

    Reason asking, is because I have BitLocker full disk encryption turned ON with TPM-Only protection (meaning no PIN).
    Would this be fine or how can I tell if my laptop is vulnerable to DMA or Memory attacks?

    Overall, is it OK to use BitLocker with TPM-only protection or do I need a PIN as well?
     
    win10freak, Apr 12, 2020
    #2
  3. Windows Bitlocker - Two/Multiple drives with TPM

    Yes, you can have your OS drive automatically boot from a bitlocker'd drive without prompting for a passowrd. Mine works that way. But it requires either an activated TPM, or a bitlocker password on a USB key, or both.

    Use of just the TPM means that if someone steals your drive, they can't read it - but if they steal your computer, and manage to log in, they can.

    Use of just the USB key means you'll have to have the USB key plugged in when you boot.

    Optinally you can use TPM + PIN, or TPM + USB. Like "just TPM" both of these lock the drive to the computer, and protect the boot environment from changes, via the TPM. They add either "something you know" (PIN) or "something you have" (USB key) to the need for the TPM.

    The recovery key, in case you were wondering, bypasses the need to match the TPM... useful if you change the boot environment (while leaving BL enabled) or need to access the drive from another machine.

    See "What is a BitLocker Drive Encryption startup key or PIN?" at microsoft.com , and "How to configure BitLocker with TPM, PIN, and USB StartupKey" at mrhorn.com for the detailed procedures.
     
    Jamie Hanrahan, Apr 12, 2020
    #3
  4. extend bitlocker protection with pin, usb pen drive, or TPM

    Bitlocker fails to find USB Key ONLY When TPM+PIN+STARTUPKEY are enabled

    Hi

    I cant enable bitlocker with TPM+PIN+Startupkey. Bitlocker asks for the USB key to be insterted on bootup.

    TPM+PIN works fine, I tested it.

    TPM+Startupkey works fine, I tested it.

    I have ownership of my TPM and its working for EFS right now.

    When I enable TPM+Startupkey+PIN, bitlocker fails to unlock at bootup, asking me to insert my USB key.

    I've tried both USB 2 and 3 ports on my PC, nothing works.

    I'm forced to enter a recovery password to unlock.

    My group policy allows all methods of authenication, and requires use of a TPM.

    The USB drive is formatted as FAT32, containing 2GB.

    My system is a EUFI installation, using GPT. The USB drive is detected in BIOS, windows boots first.

    My BIOS is updated too.

    Latest chipset drivers are installed.

    Latest USB drivers installed.

    I have a Sabertooth 990fx motherboard.

    Windows 10, non beta, latest updates.

    Moved here:

    https://social.technet.microsoft.com/Forums/en-US/65424c29-25ec-4b8d-9090-2e85ca29f9cb/bitlocker-fails-to-find-usb-key-only-when-tpmpinstartupkey-are-enabled?forum=win10itprosecurity
     
    99ytrewq911, Apr 12, 2020
    #4
Thema:

extend bitlocker protection with pin, usb pen drive, or TPM

Loading...
  1. extend bitlocker protection with pin, usb pen drive, or TPM - Similar Threads - extend bitlocker protection

  2. Bitlock drive protection

    in Windows 10 Gaming
    Bitlock drive protection: I removed a boot drive to recover my lost emails and was prompted to enter the bitlock key. which I don’t have. I wasn’t aware there was any protection installed. Otherwise I wouldn’t have started. So after reinserting the drive back into the original laptop, the boot...
  3. Bitlock drive protection

    in Windows 10 Software and Apps
    Bitlock drive protection: I removed a boot drive to recover my lost emails and was prompted to enter the bitlock key. which I don’t have. I wasn’t aware there was any protection installed. Otherwise I wouldn’t have started. So after reinserting the drive back into the original laptop, the boot...
  4. Pen Drive Write Protected

    in Windows 10 Network and Sharing
    Pen Drive Write Protected: Hi everyone! I have a 4 GB Transcend pen drive which I formatted few days back. But I think that I made any mistake in formatting the pen drive I think I disturbed the file system column which made my pen drive Write Protected as shown in the attachment below. This had made...
  5. Bitlocker TPM and PIN Intune

    in AntiVirus, Firewalls and System Security
    Bitlocker TPM and PIN Intune: Hi All, I've tried setting up TPM and PIN in SCCM via MBAM and it all works fine and is really good! However for Tamper protection for Defender Antivirus you need to use Intune. This means you can switch the workload, all well and good however it seems in intune there is...
  6. USB DRIVE(PEN) NOT OPENING

    in Windows 10 Drivers and Hardware
    USB DRIVE(PEN) NOT OPENING: HI, my usb drive (pen) not opening-renamed the drive but still no good.keeps asking me to insert a disk...? anyone help-usb holds 32.gb when full....
  7. Bitlocker...TPM + PIN vs Password?

    in AntiVirus, Firewalls and System Security
    Bitlocker...TPM + PIN vs Password?: I have seen this question asked elsewhere several times, but with different answers...so I just want to make sure my understanding of BitLocker is correct. In the past, I had used BitLocker on several computers that did Not have a TPM...therefore I had to use a strong...
  8. BitLocker with TPM mode protection only?

    in AntiVirus, Firewalls and System Security
    BitLocker with TPM mode protection only?: I have a laptop which is a Dell E6440 and was just wondering if it vulnerable to these DMA attacks through Thunderbolt and Firewire methods. Reason asking, is because I have BitLocker full disk encryption turned ON with TPM-Only protection (meaning no PIN). Would this be...
  9. USB Pen Drive Failure

    in Windows 10 Drivers and Hardware
    USB Pen Drive Failure: I have a Toshiba 16GB pen drive on to which I was copying programs from my Downloads Folder when for no apparent reason it crashed while copying Ashampoo Office 12 (no power failure or accidental pressing of a key). The pen drive is now inaccessible and is not recognised by...
  10. How to write-protect USB pen?

    in Windows 10 Drivers and Hardware
    How to write-protect USB pen?: Hi. I'd like to write protect my usb pen drive (Kingston DataTraveler 2.0) but it has got no hardware switch. Is there any way to w/protect it via Windows 10 software? Thank you! Joe 84174