none
Win 10 pro + Bitlocker + TPM + USB + PIN RRS feed

  • Question

  • Simple question:

    I know about Bitlocker ! Always use this on my computer.

    First time my computer got a TPM: Surface pro 4

    Need to use usb key to start my compter and a PIN password.

    just like a computer who do not have TPM. and use the bitlocker.

    I do the same 

    gpedit.msc

    On the computer configuration:

    Models of Directors
    Windows Components
    Bitlocker Drive Encryption
    OS drive.
    Finally I active (REQUIRE ADDITIONAL START AUTHENTICATION)

    Then the computer asks my USB KEY.
    He asks me to safeguard RECOVERY Clee. I DO ON AN EXTERNAL HARD DRIVE
    And start my computer. FOR THE TEST.
    Upon restart, I get this message:
    IMPOSSIBLE to enable BitLocker

    IMPOSSIBLE TO OBTAIN THE KEY BitLocker encryption. CHECK THAT SECURE PLATFORM MODULE (TPM) IS ACTIVATED AND THAT THE PROPERTY HAS BEEN ACQUIRED. IF THIS COMPUTER HAS NO MODULE ENCRYPTION SECURE. MAKE SURE THE USB DRIVE AND THEN IS AVAILABLE.

    YES IS ON THE TPM
    YES THE USB KEY IS AVAILABLE.
    SO HOW I DO TO HAVE THE PROPERTY OF THE PLATFORM SECURE (TPM)
    Is it possible ?

    If not, how do I disable the TPM in order to use a USB KEY and PIN PASSWORD at startup WITH, BitLocker.

    THANK YOU IN ADVANCE FOR YOUR ANSWERS.

    Thursday, January 21, 2016 8:22 PM

Answers

  • Hi,

    How did you configure the "Require additional authentication at startup" policy?

    We need to know, if one authentication method is required, the other methods cannot be allowed.

    Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.

    Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.

    In addition, please boot into BIOS to check if you have turned on the TPM.

    This article could be referred:

    BitLocker Group Policy Settings

    https://technet.microsoft.com/en-in/library/jj679890.aspx#BKMK_unlockpol1


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Friday, January 22, 2016 6:17 AM
    Moderator