#11
Thanks for sharing how you resolved this issue. I agree that having more security is a big advantage, but many people aren't going to want to jump through more hoops. Heck, most people don't even turn Bitlocker on.
OK. I may annoy some people with this comment, but .... feel free to delete it if it is bothersome.
I feel the poster had a good complaint - no boot password.
And I feel one of the responders provided some excellent comments (including that the password file is encrypted) in response to the "it's easy to hack the Windows login password" poster.
I've been in this business for 35 years and I am slow to condemn software developers, including Microsoft. It doesn't take much effort to call them uncaring or incompetent. I've written code and believe me - it ain't easy. If it were so easy Microsoft couldn't command the prices they command (and Mr. Gates wouldn't be rich). It's hard.
It turns out that the TPM (no boot password) system is damned good AND seamless. The value of no boot password is that the PC can be accessed remotely by the owner (from the road) or his tech support person.
I also use BestCrypt, which requires a boot password. It took me a while to consider not having one. In fact, that consideration brought me to this thread. BitLocker is good. It notices if the Boot Loader changes. It protects against the hard drive being removed.
My advice: Go easy on the condemnation until you've become more expert. This thread has made me more expert on BitLocker.
I came to BitLocker because I had one machine that just wouldn't tolerate BestCrypt (an otherwise superb product with excellent technical support). I too bristled at the no-boot-password issue. I began to learn about TPM.
After reading this article, I am more convinced than ever that Microsoft has created a fine product. But it takes some extra study (and Microsoft tech-support is often poor).
Please go a little easier (and slower) on the frustration-induced condemnation. It's distracting to me. These are complex software systems. Microsoft developers are hardly perfect. They are a mercenary company. But they are not a bunch of uncaring, incompetent fools.
Or as the bard said: "Know your song well before you start singing". More study, less whining.
Now go ahead and delete this provocative post. I fully understand.
Folks,
I read through the posts (good stuff) and want to do the same thing...
BUT before I get started I wanted to clarify one point.
1. I have Bitlocker running (Windows 10 Pro)
2. With TPM
3. With NO bootup password, i.e. Windows login only
Just to make sure, following the point offered in post 9 above (redirecting the reader to another page), following point 5 of that page, it seems:
a. I have to turn off Bitlocker (which is running)
b. start the process all over of setting it up again (which is no issue)
c. --> the point to be made <-- I CANNOT add a bootup password as an additional option with the existing Bitlocker turned on and in place.
I am running a Lenovo M910s, i7 processor, Windows 10 Pro (with TPM).
Is my assessment correct? This goes under measure twice cut once mentality.
thank you,
After re-reading post 9, it DOES inform me to uninstall (turn off) Bitlocker…. So I will pursue that path.
thanks
Hello all,
Thanks for all the explanations, I was asking myself the same question.
Before starting a reconfiguration, I would like to have a clear response to the basic questions.
- Is TPM access enough, since when the drive is encrypted the Windows password hack no longer works?
I mean, do we really need to use a password, or is the TPM 99.99% safe?
Thanks
I had these issues when encrypting multiple new laptops using Powershell scripts. I found what is best, if you have already added protectors but are not being asked to input a password upon start up, is to simply run the following command in Powershell:
Manage-bde -protectors -add c: -tpmandpinandstartupkey -tp <8 number pin> -tsk c:
Once you get a confirmation saying protectors have been set, go to the manage Bitlocker option in the start up menu and you should now see ‘change how my drive is unlocked at startup’. If you do, click that and you should have the option to select a pin. Select a pin and hit change and it should work now when you restart the device.
Hope this helps.
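As an added example (not part of any post in this thread), the PowerShell below lists the startup protectors on an already-encrypted OS volume and adds a TPM+PIN protector without decrypting it. It assumes the OS volume is C:, an elevated session, and the BitLocker PowerShell module that ships with Windows 10 Pro; the checks before the change are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: C: is the BitLocker-protected OS volume.
$MountPoint = 'C:'

# A startup PIN is only accepted when the "Require additional authentication
# at startup" policy (Operating System Drives) permits it. The policy is stored
# under this key; UseTPMPIN: 0 = do not allow, 1 = require, 2 = allow.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$pinAllowed = $fve -and ($fve.UseAdvancedStartup -eq 1) -and ($fve.UseTPMPIN -in 1, 2)

# Show what currently unlocks the volume at boot.
$vol   = Get-BitLockerVolume -MountPoint $MountPoint
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
"Volume status : $($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
"Key protectors: $($types -join ', ')"

if ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
    'A PIN is already required at startup; nothing to do.'
    return
}
if ($types -notcontains 'RecoveryPassword') {
    # A forgotten PIN with no recovery password means losing the data.
    Write-Warning 'No recovery password protector found; add one and back it up first.'
    return
}
if (-not $pinAllowed) {
    Write-Warning 'Policy does not permit a TPM startup PIN; enable it in Group Policy first.'
    return
}

# Prompt for the PIN so it never appears in the script or command history.
$pin = Read-Host -Prompt 'New startup PIN' -AsSecureString
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

# Confirm the protector list now contains TpmPin before rebooting.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```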
Thanks for this thread and all contributors, especially pparks1. I too searched for hours why Bitlocker did not ask for a password or pin. The problem is not the software, it's the documentation. Anyone who knows a little of computers and security and wants to use Bitlocker for extra security, will have this question: when will Bitlocker ask me for the password/PIN I want to use?
It's easy to find you need Windows 10 Pro and preferably a TPM-chip in your laptop to use Bitlocker. But if you have both and run the Bitlocker setup, it does not say anything about a password or PIN. No info in the Windows-help, nor on the Microsoft site, if you don't want to spend all day reading the complete Bitlocker-documentation.
But since we know a little about computers and security, we know encryption always needs a password/PIN. Just like you see on all the Bitlocker-guides on the internet. Bitlocker says it's active, diskmanager says the disk is encrypted, the PC even was busy for a short time 'encrypting the data' after Bitlocker setup. But there's still no password or PIN and the PC simply starts up after reboot and logging on to Windows. What's the point of encryption without a password? It's like a lock without a key; either no-one or anyone can open it.
Very glad this thread answers this basic question. Just hoping the Microsoft-documentation-writers will come across this page.