Enforcing Bitlocker to ask for a password at boot


  1. Posts : 247
    Windows 10 Pro version 21H2 (standalone licence)
       #1

    Enforcing Bitlocker to ask for a password at boot


    Still trying to figure this out.

    On my last installation the machine (with no TPM) was secured with bitlocker (software encryption), and I was able to select to enter a key at boot rather than using a key on a USB flash drive. And I don't remember having to think too hard about it.

    On my new machine which has a TPM enabled I am struggling to replicate this.

    I have looked at GP Editor a number of times to try to work it out. I have just realised that configuring 'Configure use of passwords for fixed data drives' is not what I want. From GPEditor: "Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive."

    Does anyone know if this is something that can still be done on the latest version of Windows (21H2) and if so, how to do it?

    Maybe bitlocker requires the authentication method to be selected after encrypting the drive? The dialogue also said that the machine would restart and check that the recovery key worked before encrypting, but that did not happen either. Does that happen after the drive encryption process is finished and before encryption is applied?

    Thanks for any help with this.


  2. Posts : 4,187
    Windows 11 Pro, 22H2
       #2

    You can force the need for additional protectors, but why? The whole point of the TPM (well, one of them) is that it stores the password in a secure manner so that the process of unlocking the OS drive is completely transparent to you. You simply boot your machine and log on as always, while the unlocking of your drive takes place automatically.

    If I'm misunderstanding the question, please do let me know.


  3. Posts : 247
    Windows 10 Pro version 21H2 (standalone licence)
    Thread Starter
       #3

    hsehestedt said:
        You can force the need for additional protectors, but why? The whole point of the TPM (well, one of them) is that it stores the password in a secure manner so that the process of unlocking the OS drive is completely transparent to you. You simply boot your machine and log on as always, while the unlocking of your drive takes place automatically.

        If I'm misunderstanding the question, please do let me know.

    Thank you for engaging. I have read that the TPM is less secure than a strong password but maybe that is just misinformation. This is software encryption in case that was not clear because the manufacturer of my drives recommends that.

    I think I may be only dimly grasping exactly what TPM is and how it works (hardware hash?) with self-encrypting hardware devices (which I don't have) and devices which are not self-encrypting and therefore software encryption is required.

    Using TPM though, does that not mean that anyone who has access to my machine can access it in the same way? I had always understood that the Windows logon password was inherently insecure? But maybe TPM takes care of that?

    If I just rely on TPM for that security which sounds a very attractive option how do I verify that it is active?

    - - - Updated - - -

    The other thing I do not understand is that I have bitlocker turned off on all drives at the moment but the bitlocker icon keeps appearing in the system tray to advise that bitlocker is encrypting and to back up the file encryption key????

    Confused me, why would that be? lol UPDATE: Just realised this is something else, nothing to do with Bitlocker. Never been sure what it is though.


    If I follow through on the recommended backing up of my key I am taken to the certificate export wizard...

    The system tray icon then disappears, only to reappear again approx 24 hours later.
    Last edited by kevvyb; 21 Feb 2022 at 05:21. Reason: updating


  4. Posts : 1,067
    windows 10
       #4

    You go to step 4 of this tutorial to have a pin code at startup. You can read the whole tutorial to start using bitlocker.

    Turn On or Off BitLocker for Operating System Drive in Windows 10


    Type tpm.msc in the Run command.
    If your PC is equipped with a TPM and it is activated in the BIOS/UEFI, you will get the message: “The Trusted Platform Module (TPM) is ready to be used“.
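
The steps discussed in this thread (check that the TPM is ready, then require a PIN before boot and confirm which protectors can unlock the drive) can also be done from an elevated PowerShell prompt. This is an added example, not part of any post above or of the linked tutorial; it assumes BitLocker is already on for the OS drive and that the "Require additional authentication at startup" policy has been enabled with the TPM startup PIN allowed or required.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: the OS volume is the system drive (usually C:).
$mount = $env:SystemDrive

# 1. TPM state (the same information tpm.msc reports).
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is missing or not ready; enable it in BIOS/UEFI first.'
}

# 2. The startup-authentication policy is stored under this key.
#    UseTPMPIN: 1 = require a startup PIN, 2 = allow one.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if ($fve.UseAdvancedStartup -ne 1 -or $fve.UseTPMPIN -notin 1, 2) {
    throw 'Startup PIN not permitted by policy; enable it in gpedit.msc, then run gpupdate.'
}

# 3. Keep a recovery password so a forgotten PIN does not lock you out.
#    If one is created here, record the password that the cmdlet prints.
$vol = Get-BitLockerVolume -MountPoint $mount
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
}

# 4. Add the TPM+PIN protector; the PIN is read without echoing it.
$pin = Read-Host -AsSecureString 'New startup PIN'
Add-BitLockerKeyProtector -MountPoint $mount -TpmAndPinProtector -Pin $pin | Out-Null

# 5. A leftover TPM-only protector would still unlock the drive silently at
#    boot, so remove it if one is still listed.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $_.KeyProtectorId | Out-Null
}

# 6. Verify: expect TpmPin and RecoveryPassword, and no plain Tpm entry.
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

The final listing is the answer to "how do I verify that it is active": every protector type shown there is a way the drive can be unlocked.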


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd