Bitlocker and Windows

  • Question

  • Hello Everyone,

    I've a question about Bitlocker.

    I've noticed that you need a TPM Chip to use bitlocker (not a problem because all our laptops have tpm).
    To use TPM you need a BIOS password.
    After enabling TPM you can enable Bitlocker.

    Something strange happened here. We tried this:

    -Login into Microsoft, MMC, TPM --> DISABLED
    -Enable BIOS Password
    -Enable TPM
    -Login into Windows, MMC, TPM --> Enabled

    Then, just to try it, we cancelled the password from the BIOS (this should disable the TPM chip, no?)

    Relogged into Windows, MMC, TPM --> Still Enabled

    Is it correct that even if you cancel the BIOS password (and in fact the TPM options grey out) the TPM is still active?

    Cheers.

    Friday, February 12, 2016 8:21 AM

Answers

  • Hello,

    I knew that you can use Bitlocker without TPM (not recommended by Microsoft),

    but in all documents for deploying Bitlocker with SCCM they said that a requirement for TPM was that the BIOS was password protected.

    ok - good to know that is not a prerequisite.

    Thank you :)

    Yes, that's not the prerequisite if you want to enable it.

    Please read this article:

    https://technet.microsoft.com/en-in/library/jj592683.aspx?f=255&MSPPError=-2147217396

    About the SCCM deployment of BitLocker, it's recommended that you ask in the SCCM forum for further help.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, February 19, 2016 9:10 AM

All replies

  • I have never seen it documented that having a password for BIOS is required in order to use the TPM. I have used the TPM before without enabling a BIOS/UEFI password.

    Adding a BIOS/UEFI password surely increases security, but I do not think it has ever been a requirement to use the TPM.

    For what it's worth, you also do not need a TPM to even use Bitlocker, it just strengthens the security immensely. 
    Friday, February 12, 2016 1:27 PM
  • Hi,

    Yes, as above, there is no official information stating that the TPM needs a BIOS password.

    Thus enabling or disabling the BIOS password won't affect TPM and BitLocker.

    In addition, you could also use BitLocker without the TPM enabled.


    • Edited by Karen Hu Tuesday, February 16, 2016 6:58 AM
    Tuesday, February 16, 2016 6:57 AM
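
The before/after check that the question performs through the TPM MMC snap-in can also be scripted, so the state is recorded rather than read off the screen. This is an added example, not part of the original thread; it uses the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets, and the function names and snapshot path are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: snapshot TPM and BitLocker state, then compare it after a
# firmware (BIOS/UEFI) password change. Run once before the change and once after.

function Get-TpmBitLockerState {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmEnabled       = $tpm.TpmEnabled
        TpmActivated     = $tpm.TpmActivated
        TpmOwned         = $tpm.TpmOwned
        TpmReady         = $tpm.TpmReady
        ProtectionStatus = [string]$vol.ProtectionStatus
        VolumeStatus     = [string]$vol.VolumeStatus
        # Protector types (Tpm, TpmPin, RecoveryPassword, ...) as one sorted string
        KeyProtectors    = (@($vol.KeyProtector.KeyProtectorType) | Sort-Object) -join ','
    }
}

function Compare-TpmBitLockerState {
    param([Parameter(Mandatory)]$Before, [Parameter(Mandatory)]$After)
    # Compare as strings so values restored from JSON match live values
    foreach ($p in $Before.PSObject.Properties.Name) {
        if ("$($Before.$p)" -ne "$($After.$p)") {
            [pscustomobject]@{ Property = $p; Before = $Before.$p; After = $After.$p }
        }
    }
}

$snapshot = Join-Path $env:ProgramData 'tpm-state-before.json'   # hypothetical path
$current  = Get-TpmBitLockerState

if (Test-Path $snapshot) {
    $before = Get-Content $snapshot -Raw | ConvertFrom-Json
    $diff   = Compare-TpmBitLockerState -Before $before -After $current
    if ($diff) { $diff | Format-Table -AutoSize }
    else       { 'No change in TPM or BitLocker state since the snapshot.' }
} else {
    $current | ConvertTo-Json | Set-Content $snapshot
    "Snapshot written to $snapshot; rerun after the firmware change."
}
```

Delete the snapshot file to start a new comparison.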
  • Hello,

    I knew that you can use Bitlocker without TPM (not recommended by Microsoft),

    but in all documents for deploying Bitlocker with SCCM they said that a requirement for TPM was that the BIOS was password protected.

    ok - good to know that is not a prerequisite.

    Thank you :)

    Tuesday, February 16, 2016 7:01 AM