
Using BitLocker, I would like to Change from using a Password to using TPM

After I installed Sophos on my Windows 10 laptop to use BitLocker with a password, I noticed that my laptop has a TPM module installed that was disabled by default.

I want to now use TPM instead of typing in a password upon startup of my system. 

Do I have to unencrypt my drives, remove Sophos and re-install or is there any easier way?

I did change the Local Group Policy to 'Allow' TPM but that made no change.  I still have to enter a password.

I also enabled TPM in the BIOS.

Is there another setting?

  • Hello Todd,

    Have you gone into TPM Management (TPM.MSC) and confirmed the device is turned on in Windows? You may need to initialize the TPM.

    Regards

    Bill Kearney

    Data Encryption
    UK Escalations

    Bill.

  • You can modify the protectors using the manage-bde command. I've successfully enabled password rather than startup key with this method. Use with caution!

    https://technet.microsoft.com/en-us/library/ff829848.aspx

    I'm not sure how "supported" this would be from Sophos's point of view though.

    I believe the recommendation (Sophos/Microsoft), though, is to use TPM AND PIN rather than just TPM on its own, so I'd recommend using a PIN too.

    You may find the TPM has more than one state too in BIOS - some have (Lenovo) active, inactive and hidden. Some PCs will have more than one place to enable/activate TPM, so double check. As Bill said - make sure that TPM.MSC (run with Admin) is showing the TPM chipset as ready.
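
The protector change discussed in the replies above, as an added PowerShell example that is not part of the original thread and is not Sophos's or Microsoft's own procedure. It assumes the OS volume is `C:`, an elevated session, a startup-authentication policy that permits TPM+PIN, and that the Sophos-managed configuration tolerates local protector changes (the thread leaves that open).

```powershell
#Requires -RunAsAdministrator
# Added example: replace the BitLocker password protector with TPM+PIN.
$mount = 'C:'   # assumption: the OS volume is C:

# 1. The TPM must be present and ready, the same state TPM.MSC reports.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not ready (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)). " +
          'Enable/activate it in firmware and initialize it before continuing.'
}

# 2. Show the protectors currently on the volume.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# 3. Make sure a recovery password exists before touching anything else,
#    and record it somewhere off the machine.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
}

# 4. BitLocker does not allow a password protector and a TPM-based protector
#    on the same OS volume, so the password protector is removed first.
$vol.KeyProtector | Where-Object KeyProtectorType -eq 'Password' | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $_.KeyProtectorId |
        Out-Null
}

# 5. Add TPM+PIN, as recommended in the thread.
#    For TPM-only unlock, use -TpmProtector instead (no -Pin).
$pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN'
try {
    Add-BitLockerKeyProtector -MountPoint $mount -TpmAndPinProtector -Pin $pin `
        -ErrorAction Stop | Out-Null
}
catch {
    Write-Warning ('TPM+PIN protector was not added. The recovery password is now ' +
                   'the only way to unlock this volume at boot until that is fixed.')
    throw
}

# 6. Verify the result with the tool named in the thread.
manage-bde -protectors -get $mount
```

If step 5 fails, check the "Require additional authentication at startup" policy and the TPM state again before rebooting.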