Bitlocker and TPM

Guest

I have a machine with a TPM 1.2 that will allow Bitlocker to be turned on.
However, I would like to use only a USB to Bitlock the system partition. I
enabled USB through the Group Policies, but it appears that I can only use
the USB in conjunction with the TPM. I was told that there is a Registry
setting that can allow me to use only the USB even though there is an enabled
TPM 1.2 chip on the board. Is there such a setting and what is it?

Alternatively, I imagine that I could disable the TPM in the BIOS, but I
haven't tried this as it would be my least desired method.

Any help appreciated.
 
Richard

I have a machine with a TPM 1.2 that will allow Bitlocker to be turned on.
However, I would like to use only a USB to Bitlock the system partition. I
enabled USB through the Group Policies, but it appears that I can only use
the USB in conjunction with the TPM. I was told that there is a Registry
setting that can allow me to use only the USB even though there is an enabled
TPM 1.2 chip on the board. Is there such a setting and what is it?

Alternatively, I imagine that I could disable the TPM in the BIOS, but I
haven't tried this as it would be my least desired method.

Any help appreciated.

I think you need to disable the TPM so bitlocker cannot see it.
I don't understand why you don't want to disable it if you are sure you
don't want to use it?
BTW I use bitlocker with a usb key...works great.




 
Guest

Richard said:
I think you need to disable the TPM so bitlocker cannot see it.
I don't understand why you don't want to disable it if you are sure you
don't want to use it?
BTW I use bitlocker with a usb key...works great.


Thanks,

I tried that both in the BIOS and through the TPM Management (from the
Bitlocker screen). When I click "Turn on Bitlocker," I get the message
telling me that this computer requires the TPM to be enabled. BTW, in the
Group Policy, I disallowed "startup key with TPM" and "startup PIN with TPM."

I have used Bitlocker with a USB key on other machines and it does work great.
 
Richard

Thanks,

I tried that both in the BIOS and through the TPM Management (from the
Bitlocker screen). When I click "Turn on Bitlocker," I get the message
telling me that this computer requires the TPM to be enabled. BTW, in the
Group Policy, I disallowed "startup key with TPM" and "startup PIN with TPM."

I have used Bitlocker with a USB key on other machines and it does work great.

Sorry, then I cannot help further.
I thought you would be able to disable the TPM in the BIOS.



 
Guest

:

Sorry, then I cannot help further.
I thought you would be able to disable the TPM in the BIOS.

Thanks anyway. My current thought is that the TPM was enabled when I
installed VISTA and a Registry was set indicating a compatible TPM is present
in the machine. I could try to re-install VISTA with the TPM in the disabled
state and see if that makes a difference, but if I can find any such Registry
key, it would save me the effort.
 
Dennis Pack

Tazinfo:
If you go into gpedit.msc, Windows Components, BitLocker drive
encryption, right click control panel setup: enable advanced startup
options, properties. You should be able to create or skip TPM options. Have a
great day.
 
Robert Kochem

Tazinfo said:
I have a machine with a TPM 1.2 that will allow Bitlocker to be turned on.
However, I would like to use only a USB to Bitlock the system partition. I
enabled USB through the Group Policies, but it appears that I can only use
the USB in conjunction with the TPM. I was told that there is a Registry
setting that can allow me to use only the USB even though there is an enabled
TPM 1.2 chip on the board. Is there such a setting and what is it?

That should not be a big problem if you use the manage-bde.wsf script on
the command-line instead of this incomplete GUI. With this script you can
add/delete as many "protectors" (passwords, external keys or tpm based
keys for starting up) as you want.

Robert
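
Added example, not part of Robert's post: the protector workflow he describes, as it would be typed at an elevated command prompt on Vista. The drive letters (`C:` for the system volume, `E:` and `F:` for two USB flash drives) are assumptions.

```bat
rem Added example (not from the thread). Run from an elevated command prompt.
rem Assumed drive letters: C: = system volume, E: and F: = USB flash drives.
cd /d %windir%\System32

rem Show the current encryption state and any protectors already on the volume.
cscript manage-bde.wsf -status C:
cscript manage-bde.wsf -protectors -get C:

rem Turn BitLocker on with a startup key written to E: plus a recovery password,
rem and no TPM-based protector.
cscript manage-bde.wsf -on C: -StartupKey E: -RecoveryPassword

rem Add a second startup key on another stick as a spare.
cscript manage-bde.wsf -protectors -add C: -StartupKey F:

rem Confirm which protectors now guard the volume before rebooting.
cscript manage-bde.wsf -protectors -get C:
```

Record the recovery password that `-on` displays and store it away from the machine; with only these protectors it is the fallback if both sticks are lost.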
 
