1.    10 Jun 2017 #1
    Join Date : Aug 2015
    Posts : 101
    windows 10 pro

    Bitlocker with TPM


    Hi, I'm not sure if this is the right place to post this.

    Anyway, my query is about encryption on Win10 Pro.

    Previously I had a laptop with no TPM, so I had to use the Group Policy editor to allow encryption to work. Fine, all was working, and I had to type a password to unlock BitLocker when my laptop came out of hibernation or rebooted.

    I now have a laptop with a TPM, which seems much easier and apparently more secure, but here's what's bothering me: I do not need to type a password on start-up or coming out of hibernation to unlock the drive, so just say someone stole my laptop. They would be able to get into the OS and files even though it's encrypted. I do have a PIN to sign in to Windows, but just say I only wanted to use a local account with no PIN or password: how useful is having my laptop encrypted?
    What then is the main reason for using encryption?

    Sorry if I've confused anyone or my explanation isn't so clear.
  2.    10 Jun 2017 #2
    Join Date : Oct 2014
    Posts : 2,458
    W10 Pro + W10 Preview

    With your need for encryption, why on earth would you even consider leaving open your local account without a PIN or password?
    It defeats the object of securing your computer... locking the front door but leaving the back door open.
  3.    10 Jun 2017 #3
    Join Date : Aug 2015
    Posts : 101
    windows 10 pro
    Thread Starter

    That's the answer I deserved with a post like that. I always use a password or PIN to log in to Windows. I just liked it better when I had to also use a password to unlock the drive. I have nothing even so sensitive to warrant encryption; I use it because I can.
  4.    10 Jun 2017 #4
    Join Date : Oct 2014
    Posts : 2,458
    W10 Pro + W10 Preview

    Originally posted by tamo:
    "That's the answer I deserved with a post like that. I always use a password or PIN to log in to Windows. I just liked it better when I had to also use a password to unlock the drive. I have nothing even so sensitive to warrant encryption; I use it because I can."

    It takes a special kind of person to reply as you have, and a wise one at that... regards, dencal.
  5.    23 Jul 2017 #5
    Join Date : Aug 2015
    Posts : 6
    windows 10

    TAMO,
    you are NOT wrong in what you want to do. TPM is SUPPOSED to protect this stuff. BUT, I have a Samsung TabPro S (Windows), and have even written to the Samsung PRESIDENT in S. Korea, and no reply. They institute this stuff, and then never have details about it.

    You ARE correct that RELYING solely on the TPM is problematic. BUT, you COULD edit the group policy for BitLocker and allow a PIN; you then get protection of "TPM plus PIN", which requires that PIN for ANY Windows boot-up, including hibernation (I have my notebooks set up for TPM plus PIN). You THEN could leave the actual Windows user as not requiring a password (first, test to verify).

    HOWEVER (and again, I may post a more detailed thread on this question), your machine may have an actual BIOS ADMINISTRATOR PASSWORD. From my understanding from SOME threads (although still not clear), this BIOS ADMINISTRATOR PASSWORD is controlled by the TPM also.

    In my scenario (I am not totally comfortable with it yet), I start the tablet (the Samsung), and the ON-screen keyboard comes up, and I can enter the BIOS ADMINISTRATOR PASSWORD. If this is NOT entered correctly, it shuts down. IF it IS entered correctly, then boot-up continues, BitLocker unlocks (its key is stored with the TPM), and it boots up to my username/password for Windows.
    I DID WANT to have "BitLocker PLUS PIN", but the problem with the Samsung is that the on-screen keyboard does NOT work for BitLocker; it only works for the BIOS ADMINISTRATOR PASSWORD. REPEATED requests to Samsung have been fruitless for an answer about the on-screen keyboard.

    In the above scenario, if someone STOLE the computer, let's assume they can't break the BIOS ADMINISTRATOR PASSWORD. If they got to the BIOS, and somehow CLEARED the TPM, then the BitLocker key gets wiped out, and BitLocker would need entry of the 46-character actual recovery key.

    Anyway, for your situation, explore the BIOS ADMINISTRATOR PASSWORD, and GPEDIT.msc (group policy) to allow BitLocker to have a PIN.

    Hope this helps.
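The check and change described in post #5, as an added PowerShell example that is not part of the original thread: it reports whether the OS volume is unlocked by the TPM alone, reads the Group Policy setting that permits a startup PIN, and adds a TPM+PIN protector only when a recovery password exists. The function names `Get-PreBootAuthStatus` and `Enable-TpmPinProtector` are hypothetical; it assumes an elevated prompt on an edition that ships the BitLocker cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit BitLocker pre-boot authentication
# on the OS volume and, if policy allows, add a TPM + PIN protector.

function Get-PreBootAuthStatus {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # "Require additional authentication at startup" (gpedit.msc) is stored under this key.
    $fve   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $names = @{ 0 = 'Disallowed'; 1 = 'Required'; 2 = 'Allowed' }
    $pinPolicy = if ($fve -and $null -ne $fve.UseTPMPIN) { $names[[int]$fve.UseTPMPIN] }
                 else { 'NotConfigured' }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = $types -join ', '
        TpmOnly          = ($types -contains 'Tpm') -and -not ($types -contains 'TpmPin')
        HasRecoveryKey   = $types -contains 'RecoveryPassword'
        AdvancedStartup  = [bool]($fve.UseAdvancedStartup)
        TpmPinPolicy     = $pinPolicy
    }
}

function Enable-TpmPinProtector {
    param([string]$MountPoint = $env:SystemDrive)

    $status = Get-PreBootAuthStatus -MountPoint $MountPoint
    # Refuse to change protectors unless there is a way back in if the PIN is lost.
    if (-not $status.HasRecoveryKey) {
        throw "No recovery password protector on $MountPoint; add one and back it up first."
    }
    if ($status.TpmPinPolicy -in 'Disallowed', 'NotConfigured') {
        throw "Policy does not allow a startup PIN (TpmPinPolicy = $($status.TpmPinPolicy))."
    }
    $pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN'
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
    Get-PreBootAuthStatus -MountPoint $MountPoint
}

# Read-only audit; call Enable-TpmPinProtector explicitly to make the change.
Get-PreBootAuthStatus | Format-List
```

`TpmOnly = True` is the situation the thread starter describes: the drive unlocks at boot with no user input. On a tablet, confirm a keyboard is usable at the BitLocker pre-boot prompt before adding the PIN, since post #5 reports the on-screen keyboard did not work there.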

 

