This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Standalone BITLOCKER encryption Without tpm

 I have a windows 10 pro laptop without a TPM chip. Is it possible to encrypt his pc with Safeguard and a startupkey? I have been told that it is not possible with Windows 10 unless you have a token or a TPM Chip. We were able to do this with our Windows 7 clients with no issue.



This thread was automatically locked due to age.
Parents
  • This IS possible and you've been misinformed. I have many machines configured this way, but I've used password and not startup key.

    I personally wouldn't use a startup key but instead a password - that way your user gets the same experience on PIN/TPM and password (that is if you're using PIN and TPM as recommended). You may find too on a laptop that the USB key gets in the way or is removed and used for something else! I decided that the most secure was to have the prompt for PIN/password at POST and also helps spread the message - this is an encrypted PC.

    It is possible to swap over protectors from password/TPM/key etc...That's all done with the manage-bde on the local machine.

     

    As long as your PC O/S does support BitLocker (which Pro does) you're good to go. The only other thing to consider on older laptops is that BIOS will support USB at that level. Most half decent machines do that are less than 8yrs old but a small thing to consider....

     

    Hope that helps?

     

Reply
  • This IS possible and you've been misinformed. I have many machines configured this way, but I've used password and not startup key.

    I personally wouldn't use a startup key but instead a password - that way your user gets the same experience on PIN/TPM and password (that is if you're using PIN and TPM as recommended). You may find too on a laptop that the USB key gets in the way or is removed and used for something else! I decided that the most secure was to have the prompt for PIN/password at POST and also helps spread the message - this is an encrypted PC.

    It is possible to swap over protectors from password/TPM/key etc...That's all done with the manage-bde on the local machine.

     

    As long as your PC O/S does support BitLocker (which Pro does) you're good to go. The only other thing to consider on older laptops is that BIOS will support USB at that level. Most half decent machines do that are less than 8yrs old but a small thing to consider....

     

    Hope that helps?

     

Children
No Data