unbelievable TPM/Bitlocker confusion

Troy McClure

this is insane... MS really screwed this one up, sorry.

to enable bitlocker you must have 2 partitions (one the C drive where
windows is installed, and another partition of at least 1.5GB that the
system will boot from... this must remain unencrypted, and be set to Active)

the problem is that once you have 2 partitions, and set the smaller one
active, you can't boot any more! so now you have to boot to the vista dvd and
choose repair... twice! finally, the boot files will be copied to the new,
active partition and you can now boot, and bitlocker won't give you the error
anymore that your drive configuration doesn't support bitlocker.

MS says a tool will be available to ease the bitlocker drive setup, but why
release it like this????

ok, so now my drives are set up to support bitlocker, but i still get the
error "a TPM was not found"... even though IBM released a vista driver for
the TPM and it's ok and enabled in device manager and the bios!!

ok no problem i think, because while i wait for a fix to this problem i see
that if i don't have a TPM i can use a USB memory key... ok, how?!?!? it's
plugged in and working yet in the bitlocker GUI there is NO option to use it
or enable encryption on the C drive using the USB device instead of the
"missing" tpm....

anyone play with this yet? i'm very unhappy with this feature and the fact
that it was released with such complications and poor help content
 
MICHAEL

The best group to handle your questions about BitLocker is
microsoft.public.windows.vista.security


http://msinfluentials.com/blogs/jes...-to-BitLocker-an-existing-computer_3F00_.aspx

1. Go to Start:Run, and type gpedit.msc to open the Group Policy Editor.
2. Select "Computer Configuration:Windows Components:BitLocker Drive Encryption".
3. Double-click the "Control Panel Setup: Enable advanced startup options" entry in the right-hand pane.
4. Check the "Enable" radio button and then check the box for "Allow BitLocker without a compatible TPM."

Also, about half way down is how to turn on BitLocker with no TPM.

http://technet2.microsoft.com/Windo...8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true
 
MICHAEL

You're welcome. Yes, you need to manually set that policy
to allow/enable BitLocker without TPM. Once you make that
change via gpedit.msc, then go back to BitLocker's options
and turn it on.


Take care,

Michael
 
MICHAEL

Actually, through gpedit you enable
"Control Panel Setup: Enable advanced startup options"

Once that is enabled, then BitLocker will show the option
to enable without a TPM.


-Michael
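
A read-only way to confirm the state the posts above are working towards, shown as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on Windows 8 / Server 2012 or later (where `Get-Tpm` and `Get-Partition` exist) and that the Group Policy setting is stored as the `UseAdvancedStartup` and `EnableBDEWithNoTPM` values under the FVE policy key; the function name `Test-BitLockerPreflight` is made up for this example.

```powershell
# Added example: read-only preflight for the blockers discussed in this thread.
# Nothing here changes policy, TPM state or disk layout.
function Test-BitLockerPreflight {
    $report = [ordered]@{}

    # 1. Policy: the gpedit.msc setting is stored as DWORDs under the FVE policy key.
    #    A missing key or value means "not configured", reported here as $false.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $report.AdvancedStartupEnabled = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1)
    $report.AllowedWithoutTpm      = ($null -ne $fve) -and ($fve.EnableBDEWithNoTPM -eq 1)

    # 2. TPM as the OS sees it, which can differ from what the BIOS screen shows.
    #    Enabled and Activated are separate states, so both are reported.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report.TpmPresent   = $tpm.TpmPresent
        $report.TpmEnabled   = $tpm.TpmEnabled
        $report.TpmActivated = $tpm.TpmActivated
        $report.TpmReady     = $tpm.TpmReady
    } catch {
        $report.TpmPresent = $false; $report.TpmEnabled = $false
        $report.TpmActivated = $false; $report.TpmReady = $false
    }

    # 3. Disk layout: boot files must live on a partition separate from the OS volume.
    $osLetter = $env:SystemDrive.TrimEnd(':')
    $osPart   = Get-Partition -DriveLetter $osLetter
    $sysPart  = Get-Partition | Where-Object { $_.IsSystem -or $_.IsActive } | Select-Object -First 1
    $report.SeparateSystemPartition = ($null -ne $sysPart) -and
        -not ($sysPart.DiskNumber -eq $osPart.DiskNumber -and
              $sysPart.PartitionNumber -eq $osPart.PartitionNumber)
    # Size is reported, not judged: the 1.5GB figure in this thread is the Vista requirement.
    $report.SystemPartitionSizeMB = if ($sysPart) { [math]::Round($sysPart.Size / 1MB) } else { 0 }

    # Summary: TPM mode needs a ready TPM; the USB startup-key mode needs the policy.
    $report.CanUseTpm        = $report.TpmPresent -and $report.TpmReady
    $report.CanUseStartupKey = $report.AdvancedStartupEnabled -and $report.AllowedWithoutTpm
    [pscustomobject]$report
}

Test-BitLockerPreflight | Format-List
```

The script cannot tell whether the firmware is able to read a USB key before Windows starts; that part is only visible at boot time.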
 
Troy McClure

yup. all good, still won't work for me though.
i'm saving everything on the usb key, but then after reboot i get a message
that the usb key couldn't be read. i want to say that my bios isn't allowing
pre-boot access to the usb drive, but it's a brand new bios in a new IBM
thinkpad so i doubt they left out that functionality... plus i looked in the
bios and USB support is enabled.

i think i'll be bitlocker-less for a while

:(
 
Michael Jennings

Aw, that does me sorrow. Why not post in a quiet, appropriate group
instead of this lively trollfest of a newsgroup? Jamie Hunter [MS] solved
a couple of BitLocker problems there on Dec. 12th - here's the group:
news://msnews.microsoft.com/microsoft.public.windows.vista.security
 
Troy McClure

i'll check that out, thank you! really it's probably not that big of a deal
because by the time i build the new system i'll have better supported drivers
etc.


 
Lang Murphy

I don't have BitLocker running on any of my Vista boxes right now... but I
did set it up and it was problematic. Partially, no doubt, attributable to
OE. I had to go into my BIOS two different times to get it to work. Forget
the specifics of it but it was something like, go into BIOS settings, enable
TPM, exit BIOS settings, reboot, enter BIOS settings, turn on TPM... If one
attempts to do both settings in one BIOS session, it doesn't work... or it
didn't back in the RC code.

Not saying that's what your problem is/was... just that getting BL to work
was not straightforward -for me-.

Lang
 
Guest

The insane part, the below information should have been included within
BitLocker "Help" section.

The BitLocker 1.5G Partition must be setup as the "First" Partition for
Booting.

The second Partition is used for the OS. If the OS is installed on the first
Partition, BitLocker can not and will not be installed!!!


NOTE: taken from previous Post

Browse technet Executive summary:
http://technet.microsoft.com/en-us/windowsvista/aa905065.aspx
Of the five links furnished there, select to examine
"Windows BitLocker Drive Encryption Step by Step Guide"

The above information prevents enormous mental conflicts !!!
 
