Bitlocker with TPM


  1. Posts : 105
    windows 10 pro
       #1

    Bitlocker with TPM


    Hi, I'm not sure if this is the right place to post this.

    Anyway, my query is about encryption on Win10 Pro.

    Previously I had a laptop with no TPM, so I had to use the Group Policy editor to allow encryption to work. Fine, all was working, and I had to type a password to unlock Bitlocker when my laptop came out of hibernation or rebooted.

    I now have a laptop with a TPM, which seems much easier and apparently more secure, but here's what's bothering me: I do not need to type a password on start-up or coming out of hibernation to unlock the drive, so just say someone stole my laptop; they would be able to get into the OS and files even though it's encrypted. I do have a PIN to sign in to Windows, but just say I only wanted to use a local account with no PIN or password: how useful is having my laptop encrypted?
    What then is the main reason for using encryption?

    Sorry if I've confused anyone or my explanation isn't so clear.
      My Computer


  2. Posts : 3,105
    W10 Pro + W10 Preview
       #2

    With your need for encryption, why on earth would you even consider leaving open your local account without a PIN or password?
    It defeats the object of securing your computer.....locking the front door but leaving the back door open.
      My Computers


  3. Posts : 105
    windows 10 pro
    Thread Starter
       #3

    That's the answer I deserved with a post like that. I always use a password or PIN to log in to Windows. I just liked it better when I had to also use a password to unlock the drive. I have nothing even so sensitive to warrant encryption; I use it because I can.
      My Computer


  4. Posts : 3,105
    W10 Pro + W10 Preview
       #4

    tamo said:
    That's the answer I deserved with a post like that. I always use a password or PIN to log in to Windows. I just liked it better when I had to also use a password to unlock the drive. I have nothing even so sensitive to warrant encryption; I use it because I can.
    It takes a special kind of person to reply as you have, and a wise one at that....regards dencal.
      My Computers


  5. Posts : 6
    windows 10
       #5

    TAMO,
    You are NOT wrong in what you want to do. TPM is SUPPOSED to protect this stuff. BUT, I have a Samsung TabPro S (Windows), and have even written to the Samsung PRESIDENT in S. Korea, and no reply. They institute this stuff, and then never have details about it.

    You ARE correct that RELYING solely on the TPM is problematic. BUT, you COULD edit the group policy for Bitlocker and allow a PIN; you then get protection of "TPM plus PIN", which requires that PIN for ANY Windows boot-up, including hibernation (I have my notebooks set up for TPM plus PIN). You THEN could leave the actual Windows user as not requiring a password (first, test to verify).

    HOWEVER (and again, I may post a more detailed thread on this question), your machine may have an actual BIOS ADMINISTRATOR PASSWORD. From my understanding from SOME threads (although still not clear), this BIOS ADMINISTRATOR PASSWORD is controlled by TPM also.

    In my scenario (I am not totally comfortable with it yet), I start the tablet (the Samsung), and an ON-screen keyboard comes up, and I can enter the BIOS ADMINISTRATOR PASSWORD. If this is NOT entered correctly, it shuts down. IF it IS entered correctly, then boot-up continues, Bitlocker unlocks (its key is stored with the TPM), and it boots up to my username/password for Windows.
    I DID WANT to have "Bitlocker PLUS PIN", but the problem with the Samsung is that the on-screen keyboard does NOT work for Bitlocker; it only works for the BIOS ADMINISTRATOR PASSWORD. REPEATED requests to Samsung have been fruitless for an answer about the on-screen keyboard.

    In the above scenario, if someone STOLE the computer, let's assume they can't break the BIOS ADMINISTRATOR PASSWORD. If they got to the BIOS, and somehow CLEARED the TPM, then the Bitlocker key gets wiped out, and Bitlocker would need entry of the 46-character actual recovery key.

    Anyway, for your situation, explore the BIOS ADMINISTRATOR PASSWORD, and the GPEDIT.msc (group policy) to allow Bitlocker to have a PIN.

    Hope this helps.
      My Computer
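
The check and change suggested in post #5, as an added example that is not part of any forum post: a PowerShell script (run elevated) that shows which key protectors unlock the OS volume and adds a TPM+PIN protector. The registry value names read in step 4 are an assumption about how the "Require additional authentication at startup" policy edited in gpedit.msc is stored; the cmdlets come from the built-in BitLocker and TrustedPlatformModule modules.

```powershell
#Requires -RunAsAdministrator
$mount = $env:SystemDrive    # OS volume, normally C:

# 1. The TPM must be present and ready before it can protect the volume key.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) { throw 'TPM is not present or not ready.' }

# 2. List what can unlock the OS volume right now.
function Get-ProtectorTypes {
    (Get-BitLockerVolume -MountPoint $mount).KeyProtector.KeyProtectorType
}
$types = @(Get-ProtectorTypes)
"Protectors on ${mount}: $($types -join ', ')"

# A 'Tpm' protector without 'TpmPin' is the behaviour described in post #1:
# the drive unlocks at boot with no prompt.
if ($types -contains 'TpmPin') { 'TPM+PIN is already configured.'; return }

# 3. Make sure a recovery password exists before changing protectors.
#    The cmdlet shows the new password in a warning; store it off this machine.
if ($types -notcontains 'RecoveryPassword') {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
}

# 4. Policy check. Assumption: the policy is stored in these values,
#    where UseTPMPIN is 1 (require) or 2 (allow).
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (($fve.UseAdvancedStartup -ne 1) -or ($fve.UseTPMPIN -notin 1, 2)) {
    throw 'Allow a startup PIN with the TPM in gpedit.msc first, then run gpupdate.'
}

# 5. Add the TPM+PIN protector; the PIN is read as a SecureString, never echoed.
$pin = Read-Host -AsSecureString 'New BitLocker startup PIN'
Add-BitLockerKeyProtector -MountPoint $mount -Pin $pin -TpmAndPinProtector | Out-Null

# 6. Verify the result instead of assuming it.
$types = @(Get-ProtectorTypes)
"Protectors now: $($types -join ', ')"
if ($types -contains 'Tpm') {
    Write-Warning 'A TPM-only protector is still present, so the volume can still unlock without the PIN.'
}
```

Reboot once afterwards to confirm the PIN prompt appears before Windows starts.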


 
