Windows 10: How is the TPM involved when encrypting system drives with BitLocker?

Discus and support How is the TPM involved when encrypting system drives with BitLocker? in Windows 10 Ask Insider to solve the problem; Let's say I encrypt my laptop's hard drive with BitLocker and the protectors set are a numerical password (so the recovery key that I can access at... Discussion in 'Windows 10 Ask Insider' started by /u/FloatingMilkshake, May 17, 2020.

  1. /U/FLOATINGMILKSHAKE
    /u/FloatingMilkshake Win User

    How is the TPM involved when encrypting system drives with BitLocker?


    Let's say I encrypt my laptop's hard drive with BitLocker and the protectors set are a numerical password (so the recovery key that I can access at aka.ms/myrecoverykey) and a TPM & PIN (so when I start the laptop to get into Windows it needs to recognize the TPM and I need to enter a PIN/password to unlock the drive and boot Windows).

    Now let's say my laptop is having problems and I can't get it to start up but I want to get the data off the drive. So I pull the drive and connect it to another computer...but remember how one of the protectors was the TPM and the PIN? I can't just enter that PIN to unlock it. It needs the TPM to be present, too. But I should be able to enter my recovery key and the drive will unlock without the TPM being present, right?

    TL;DR: if a drive is encrypted with BitLocker and the protectors are the TPM and a PIN (both required at the same time) or a recovery key I can plug the drive into another computer and enter the recovery key to unlock it without the TPM being present, right?

    submitted by /u/FloatingMilkshake
    [link] [comments]

    :)
     
    /u/FloatingMilkshake, May 17, 2020
    #1
  2. SAM9
    sam9 Win User

    How to Use Bitlocker on Only Non System Drive and without TPM


    I want to use Bitlocker on my Non System E Drive without TPM. I read somewhere to do the following for without TPM:

    " Under Local Computer Policy navigate to Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives and double click on Require additional authentication at startup." and so on.

    but I am confused because the above note is mentioning "Operating System Drives " wherein I want to turn on Bitlocker on Non System Drive.

    Can we turn bitlocker "on" on Non System Drives without turning it "on" on System Drives and Can we turn it "on" on
    a Single Folder instead of Drive.

    Please advise step by step.
     
    sam9, May 17, 2020
    #2
  3. HENRIMATTILA
    HenriMattila Win User
    Bitlocker with TPM installed

    Hi! I was able to encrypt my system drive with bitlocker with TPM.

    Now I'm trying to use bitlocker to my other data drives but bitlocker can't use TPM.

    Any help?
     
    HenriMattila, May 17, 2020
    #3
  4. YAN.S
    Yan.S Win User

    How is the TPM involved when encrypting system drives with BitLocker?

    Bitlocker without TPM

    Hi there,

    I'm trying to use Bitlocker without TPM

    My version is Windows 10 Home, and I try to follow -

    To turn on BitLocker Drive Encryption on a computer without a compatible TPM



    1. Click Start, type gpedit.mscin the Start Search box, and then press ENTER.
    2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. In the Local Group Policy Editor console tree, click Local Computer Policy, click Administrative Templates, click Windows Components, and then clickBitLocker Drive Encryption.
    4. Double-click the setting Control Panel Setup: Enable Advanced Startup Options.
    5. Select the Enabled option, select the Allow BitLocker without a compatible TPM check box, and then click OK.
    You have changed the policy setting so that you can use a startup key instead of a TPM.

    1. Close the Local Group Policy Editor.
    2. To force Group Policy to apply immediately, you can click Start, typegpupdate.exe /forcein the Start Search box, and then press ENTER.
    3. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
    4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    5. On the BitLocker Drive Encryption page, click Turn On BitLocker. This will only appear with the operating system volume.
    6. On the Set BitLocker Startup Preferences page, select the Require Startup USB Key at every startup option. This is the only option available for non-TPM configurations. This key must be inserted each time before you start
      the computer.
    7. Insert your USB flash drive in the computer, if it is not already there.
    8. On the Save your Startup Key page, choose the location of your USB flash drive, and then click Save.
    9. On the Save the recovery password page, you will see the following options:
    · Save the password on a USB drive. Saves the password to a USB flash drive.

    · Save the password in a folder. Saves the password to a folder on a network drive or other location.

    · Print the password. Prints the password

    While I have a problem on step 4.

    Double-click the setting Control Panel Setup: Enable Advanced Startup Options.

    I can find "BitLocker Drive Encryption" on my group policy editor, while I cannot find
    Control Panel Setup: Enable Advanced Startup Options anywhere.

    Thank you for your help.

    Best Regards,

    Yan
     
    Yan.S, May 17, 2020
    #4
Thema:

How is the TPM involved when encrypting system drives with BitLocker?

Loading...

  1. How is the TPM involved when encrypting system drives with BitLocker? - Similar Threads - TPM involved encrypting

  2. Encrypted drive alterative to TPM.

    in Windows 10 Gaming
    Encrypted drive alterative to TPM.: Could I install Bitlocker to encrypt my drive to install windows 11 on a PC that is not fitted with a TPM? https://answers.microsoft.com/en-us/windows/forum/all/encrypted-drive-alterative-to-tpm/7e855a94-03b1-405d-a2f4-b9647b5d1cef

  3. Encrypted drive alterative to TPM.

    in Windows 10 Software and Apps
    Encrypted drive alterative to TPM.: Could I install Bitlocker to encrypt my drive to install windows 11 on a PC that is not fitted with a TPM? https://answers.microsoft.com/en-us/windows/forum/all/encrypted-drive-alterative-to-tpm/7e855a94-03b1-405d-a2f4-b9647b5d1cef

  4. When clearing the TPM in Windows 11 home on a laptop will the bitlocker drive encryption...

    in Windows 10 Gaming
    When clearing the TPM in Windows 11 home on a laptop will the bitlocker drive encryption...: When clearing the TPM in Windows 11 home on a laptop will the bitlocker drive encryption keys stay the same and still work? https://answers.microsoft.com/en-us/windows/forum/all/when-clearing-the-tpm-in-windows-11-home-on-a/54703f6c-7d76-4cea-a366-f177400de8dd

  5. When clearing the TPM in Windows 11 home on a laptop will the bitlocker drive encryption...

    in Windows 10 Software and Apps
    When clearing the TPM in Windows 11 home on a laptop will the bitlocker drive encryption...: When clearing the TPM in Windows 11 home on a laptop will the bitlocker drive encryption keys stay the same and still work? https://answers.microsoft.com/en-us/windows/forum/all/when-clearing-the-tpm-in-windows-11-home-on-a/54703f6c-7d76-4cea-a366-f177400de8dd

  6. Can't encrypt system drive with bitlocker - Windows 10 pro and TPM activated

    in AntiVirus, Firewalls and System Security
    Can't encrypt system drive with bitlocker - Windows 10 pro and TPM activated: Hello Community,I have a problem I can't solve by myself. Since 2 days, I am trying to encrypt my system C: drive with BitLocker. To clarify, I have a Windows 10 Pro license and my TPM is activated I think. Still, I get an error when trying to encrypt my drive. Windows and...

  7. "the operating system drive is not protected by bitlocker drive encryption"

    in AntiVirus, Firewalls and System Security
    "the operating system drive is not protected by bitlocker drive encryption": Hi. My pc has 8 drives attached to it. A: sata ssd B: usb C: m2 nvme E: m2 nvme U: sata ssd W: usb X: sata hdd Y: sata hdd E, U X and Y are bitlocked. I wanted to turn on the auto-unlock feature, which worked fine except for drive E, which give the error,...

  8. Access a Bitlocker encrypted system drive as external drive

    in AntiVirus, Firewalls and System Security
    Access a Bitlocker encrypted system drive as external drive: I am getting rid of a desktop with a bitlocker encrypted C drive. I want to physically remove that drive and have access to it from another pc via external usb dock or enclosire Bitlocker question: Do I need to decrypt it first ? I was thinking with the key or the password...

  9. Access a Bitlocker encrypted system drive as external drive

    in Windows 10 Support
    Access a Bitlocker encrypted system drive as external drive: I am getting rid of a desktop with a bitlocker encrypted C drive. I want to physically remove that drive and have access to it from another pc via external usb dock or enclosire Bitlocker question: Do I need to decrypt it first ? I was thinking with the key or the password...

  10. How to Use Bitlocker on Only Non System Drive and without TPM

    in AntiVirus, Firewalls and System Security
    How to Use Bitlocker on Only Non System Drive and without TPM: I want to use Bitlocker on my Non System E Drive without TPM. I read somewhere to do the following for without TPM: " Under Local Computer Policy navigate to Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating...