This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using BitLocker, I would like to Change from using a Password to using TPM

After I installed Sophos on my Windows 10 laptop to use BitLocker with a password, I noticed that my laptop has a TPM module installed that was disabled by default.

I want to now use TPM instead of typing in a password upon startup of my system. 

Do I have to unencrypt my drives, remove Sophos and re-install or is there any easier way?

I did change the Local Group Policy to 'Allow' TPM but that made no change. I still have to enter a password.

I also enabled TPM in the BIOS.

Is there another setting?

  • You can modify the protectors using the manage-bde command. I've successfully enabled password rather than startup key with this method. Use with caution!

    https://technet.microsoft.com/en-us/library/ff829848.aspx

    I'm not sure how "supported" this would be from Sophos's point of view though.

    I believe the recommendation (Sophos/Microsoft), though, is to use TPM AND PIN rather than just TPM on its own, so I'd recommend using a PIN too.

    You may find the TPM has more than one state in the BIOS too - some (Lenovo) have active, inactive and hidden. Some PCs will have more than one place to enable/activate TPM, so double check. As Bill said - make sure that TPM.MSC (run with Admin) is showing the TPM chipset as ready.
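The protector change described in the reply above, as an added example that is not part of the original thread and is not Sophos or Microsoft code. It assumes the OS volume is `C:`, an elevated PowerShell session, and a local policy that permits TPM with PIN at startup; a management agent that enforces its own BitLocker policy may later reapply its settings.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: C: is the BitLocker-protected OS volume.
$Drive = 'C:'

# 1. The TPM must be usable by Windows (the state TPM.MSC reports as ready).
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not ready (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)). Check BIOS and TPM.MSC."
}

# 2. Record the current state before changing anything.
manage-bde -status $Drive
manage-bde -protectors -get $Drive

# 3. Never remove a protector without a recovery path in place.
$vol = Get-BitLockerVolume -MountPoint $Drive
$hasRecovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $hasRecovery) {
    manage-bde -protectors -add $Drive -RecoveryPassword
    if ($LASTEXITCODE -ne 0) { throw "Could not add a recovery password; nothing was changed." }
    Read-Host "Store the recovery password shown above off this machine, then press Enter"
}

# 4. Remove the startup password protector if one exists.
$hasPassword = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Password' }
if ($hasPassword) {
    manage-bde -protectors -delete $Drive -Type Password
    if ($LASTEXITCODE -ne 0) { throw "Could not remove the password protector." }
}

# 5. Add TPM+PIN (manage-bde prompts for the PIN interactively).
manage-bde -protectors -add $Drive -TPMAndPIN
if ($LASTEXITCODE -ne 0) {
    throw "Adding TPM+PIN failed; the volume currently unlocks only with the recovery password. Check the 'Require additional authentication at startup' policy."
}

# 6. Confirm the resulting protector set before rebooting.
manage-bde -protectors -get $Drive
```

No decryption or re-encryption of the drive is involved; only the key protectors on the volume change.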
