When using bitlocker without a TPM, can the startup key be removed after boot?
-
24 Şubat 2012 Cuma 09:28When using bitlocker without a TPM, can the startup key be removed after boot?
I want to know what to teach my users to do, since we can't have them leaving the startup keys in the PCs overnight or there'll be no security at all!
Tüm Yanıtlar
-
27 Şubat 2012 Pazartesi 08:28Moderatör
Hi,
If the user that currently logged on the computer is administrator, the startup key can be removed after boot. If not, the standard user cannot disable Bitlocker.
Administrator can disable Bitlocker via both command line bde-manage and GUI if the encrypted computer is already booted up.
http://technet.microsoft.com/en-us/library/ff829849(v=ws.10).aspx
Juke Chou
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.Juke Chou
TechNet Community Support
-
28 Şubat 2012 Salı 10:18Moderatör
Hi,
Any update?
Juke Chou
TechNet Community Support
-
28 Şubat 2012 Salı 13:21
I don't mean disable or permanently remove Bitlocker, I just mean physically remove the startup key.
Anyway, Windows itself produces a message saying "Remove media" or similar, that shows for a varying length of time just before the Windows splash screen. So it seems fine.
-
29 Şubat 2012 Çarşamba 05:28Moderatör
Hi,
Of course, the startup key can be removed from computer. When the Windows 7 finish boot process, the drives encrypted by Bitlocker are already visible. We donot need startup key until the next reboot.
Juke Chou
TechNet Community Support
- Yanıt Olarak İşaretleyen Jet Shop IT 29 Şubat 2012 Çarşamba 14:17
.png)
