This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Encryption TPM Only option

Hey All,

I recently got a dell Vostro 3500 laptop 

TPM Reads below : 

After installing Sophos encryption bitlocker and adding it to a policy with :

Require startup authentication 
All other laptops have asked me for a pin or password but this one doesnt : 
Just says :
Authentication Type : TPM only  - How do i get it to use a password or pin ? 



This thread was automatically locked due to age.
Parents
  • Check that it's not got a conflicting policy preventing PIN use. I would then try manually enabling the PIN option. Open an ADMIN/Elevated command prompt. 

    Type

    manage-bde -protectors -add c: -TPMAndPIN

    Depending on the policies applied via GPO and age of the PC this will be 4 or 6 digits. Enter PIN and repeat.

    Remember to ONLY use digits/numbers and not any characters that could change on keyboard layout.

    I would then restart several times to test this before you give it back to the user

Reply
  • Check that it's not got a conflicting policy preventing PIN use. I would then try manually enabling the PIN option. Open an ADMIN/Elevated command prompt. 

    Type

    manage-bde -protectors -add c: -TPMAndPIN

    Depending on the policies applied via GPO and age of the PC this will be 4 or 6 digits. Enter PIN and repeat.

    Remember to ONLY use digits/numbers and not any characters that could change on keyboard layout.

    I would then restart several times to test this before you give it back to the user

Children
  • Thanks , So I did look at the policy and its the same one that all the rest are on , 

    I have two set :  Default with no encryption so machines don't auto encrypt and cause chaos . Above is a setting with Encryption to allow it and i Select them and add . 

    There have been times in the past , Where it would install - With no password set and after reboot it would ask for one . 

    But this is the first time ive had it say that on central. 

    (Remember to ONLY use digits/numbers and not any characters that could change on keyboard layout.)

    Never thought about that part tbh . 

    So I did it the long way took encryption off an re applied it . It then asked . 

    Is there any reason why some times it doesn't ask for this ? 

    W

    ill that command work for it if it doesn't ask for it initially .