Bitlocker without TPM - using startup key and PIN

  • Question

  • I can't seem to find the correct syntax for getting Bitlocker going with startup key AND PIN. I am able to use the wizard to get it working with startup key only and read that to enable startup key and PIN I need to use the command line. I've tried different iterations of the below without success. Any help is appreciated.


    C:\Windows\system32>manage-bde -on c: -rp -rk f: -tsk e: -tpsk -tp password
    BitLocker Drive Encryption: Configuration Tool version 6.1.7601
    Copyright (C) Microsoft Corporation. All rights reserved.

    Volume C: []
    [OS Volume]
    ERROR: Specifying the parameter '-StartupKey' is required to BitLocker-protect
    the OS volume.

    Type "manage-bde -on -?" for more information.

    C:\Windows\system32>manage-bde -on c: -rp -sk e: -rk f: -tsk e: -tpsk -tp password
    BitLocker Drive Encryption: Configuration Tool version 6.1.7601
    Copyright (C) Microsoft Corporation. All rights reserved.

    Volume C: []
    [OS Volume]
    ERROR: This computer either does not have a TPM, or one which is capable of
    being used with BitLocker.

    C:\Windows\system32>manage-bde -on c: -rp -sk e: -rk f: -tpsk -tp password
    BitLocker Drive Encryption: Configuration Tool version 6.1.7601
    Copyright (C) Microsoft Corporation. All rights reserved.

    ERROR: You must specify the Startup Key with -tsk.

    C:\Windows\system32>manage-bde -on c: -rp -tsk e: -rk f: -tpsk -tp password
    BitLocker Drive Encryption: Configuration Tool version 6.1.7601
    Copyright (C) Microsoft Corporation. All rights reserved.

    Volume C: []
    [OS Volume]
    ERROR: Specifying the parameter '-StartupKey' is required to BitLocker-protect
    the OS volume.

    Type "manage-bde -on -?" for more information.

    C:\Windows\system32>

    Sunday, August 2, 2015 2:19 AM

Answers

  • Hi Alceryes,

    Based on my search, you can create either the startup key or the startup PIN, but not both.

    For more details, refer to the following article:

    What is a BitLocker Drive Encryption startup key or PIN 

    In addition to the option of creating a startup key, you have the option of creating a startup personal identification number (PIN). You can create either the startup key or the startup PIN, but not both. The startup PIN can be any number that you choose from 4 to 20 digits in length. The PIN is stored on your computer. You will have to type the PIN each time you start the computer.

    You can only create a startup key or PIN when you turn on BitLocker for the first time. After you create the startup key or PIN, you can use the BitLocker Manage Keys feature to change the PIN. You can also make additional copies of the startup key to use in case you lose the original.

    Manage-bde.exe Parameter Reference

    Best regards,


    Niko Cheng
    TechNet Community Support

    • Marked as answer by Alceryes Friday, August 7, 2015 2:28 PM
    Tuesday, August 4, 2015 3:15 AM

All replies

  • Thx Niko.

    ...and since I have to use a USB key (since I don't have a TPM) I can't use a password.

    Friday, August 7, 2015 2:28 PM
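
Added example, not part of the thread and not Microsoft's code: a PowerShell script that checks for a TPM through the Win32_Tpm WMI class and, on a machine without one, builds a `manage-bde -on` command line that uses only the startup key, rejecting the TPM-dependent switches that produced the errors in the question. The function names, parameters and drive letters are assumptions; it assumes Windows PowerShell (Get-WmiObject available) and only prints the command unless the last lines are uncommented.

```powershell
# Added example, not from the thread. Function names, parameter names and
# drive letters are assumptions chosen for illustration.

# manage-bde -on switches that depend on a TPM (see the errors in the question).
$TpmOnlySwitches = '-tp', '-tsk', '-tpsk',
                   '-TPMAndPIN', '-TPMAndStartupKey', '-TPMAndPINAndStartupKey'

function Test-TpmPresent {
    # No Win32_Tpm instance is returned on a machine without a TPM.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    return [bool]$tpm
}

function Get-NoTpmBdeCommand {
    param(
        [string]$Volume = 'C:',
        [Parameter(Mandatory = $true)][string]$StartupKeyDrive,  # USB drive, e.g. 'E:'
        [string]$RecoveryKeyDrive,                               # optional, e.g. 'F:'
        [string[]]$RequestedSwitches = @()                       # switches you planned to pass
    )
    # Reject TPM-dependent switches up front instead of letting manage-bde fail.
    $bad = @($RequestedSwitches | Where-Object { $TpmOnlySwitches -contains $_ })
    if ($bad.Count -gt 0) {
        throw "These switches need a TPM: $($bad -join ', '). Without one, use -sk only."
    }
    # Recovery password plus startup key on the USB drive.
    $bdeArgs = @('-on', $Volume, '-rp', '-sk', $StartupKeyDrive)
    if ($RecoveryKeyDrive) { $bdeArgs += @('-rk', $RecoveryKeyDrive) }
    return $bdeArgs
}

if (-not (Test-TpmPresent)) {
    $bdeArgs = Get-NoTpmBdeCommand -StartupKeyDrive 'E:' -RecoveryKeyDrive 'F:'
    Write-Output ("manage-bde " + ($bdeArgs -join ' '))
    # Uncomment to run from an elevated prompt, then confirm the protectors:
    # & manage-bde @bdeArgs
    # & manage-bde -protectors -get C:
}
```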