[BitLocker:] One USB key for more than one computer

Hello,

let's assume I have got more than one computer using Windows Vista and
BitLocker. Because my computer don't have TPM 1.2 or better devices or I
would like to use TPM+PIN+USB-key I need an USB key.

Do I need to use as many USB keys as computer I have or can I store as many
BitLocker keys as I want on that single USB key?

Thanks...

Hello Thomas D.,

First, a TPM Module is -not- absolutely necessary.

Second, must have one TPM+PIN+USB-key for each HDD that has BitLocker
Activated. <(that statement is greatly condensed!)

Respectfully expressed, it seems too apparent that if you read 1st) Vista's
"Help and Support" Files, including, 2nd) Vista's new "Start Search"
(immediately above Vista's "Start Button") Field (just type your request)
also, Microsoft's online Search, and (tied for 1st) explore Vista's "Welcome
Center" and very easily you will learn more that ever could you imagine !

Vista presents a new learning curve for (not young first time computer
users) only experienced computer users.

Happy Learning to You,
--
Windows Vista
Become Part of The Legacy!



"Thomas D." wrote:

> Hello,
>
> let's assume I have got more than one computer using Windows Vista and
> BitLocker. Because my computer don't have TPM 1.2 or better devices or I
> would like to use TPM+PIN+USB-key I need an USB key.
>
> Do I need to use as many USB keys as computer I have or can I store as many
> BitLocker keys as I want on that single USB key?
>
> Thanks...

Thanks for your reply!

"Jonathan Schwartz 2" wrote:
> Second, must have one TPM+PIN+USB-key for each HDD that has BitLocker
> Activated. <(that statement is greatly condensed!)

Did I understand you correctly, that I need one USB memory device to store
each BitLocker USB key for each computer (If I own 3 computer using
BitLocker, I need 3 USB memory devices)?

Regards

In article <72FF4DFD-2112-4A3D-9AD7-F02B308B5FE1@microsoft.com>,
in the microsoft.public.windows.vista.security news group, =?
Utf-8?B?Sm9uYXRoYW4gU2Nod2FydHogMg==?= <JonathanSchwartz2
@discussions.microsoft.com> says...

> Hello Thomas D.,
>
> First, a TPM Module is -not- absolutely necessary.
>
> Second, must have one TPM+PIN+USB-key for each HDD that has BitLocker
> Activated. <(that statement is greatly condensed!)

This is wrong. In the first place, you can't currently use both
a TPM with a PIN and store the encryption key on a USB disk. The
TPM+PIN+USB feature is being looked at for Vista SP1. Secondly,
if you're using a USB device to store the key, then you do not
need a separate USB device for each key. You can store multiple
keys on a single USB device.

<snip>


--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm,
has survived for centuries without smileys. Only the new crop of
modern computer geeks finds it impossible to detect a joke that
is not clearly labeled as such."
Ray Shea

In article <B7671BFC-A904-4FE6-AD97-D9C4AC8614B7@microsoft.com>,
in the microsoft.public.windows.vista.security news group, =?
Utf-8?B?VGhvbWFzIEQu?= <ThomasD@discussions.microsoft.com>
says...

> Did I understand you correctly, that I need one USB memory device to store
> each BitLocker USB key for each computer (If I own 3 computer using
> BitLocker, I need 3 USB memory devices)?
>

No, this is not true. The person who replied to your post is
wrong and while he keeps switching his posting ID, he
consistently posts incorrect information to this news group.
In your case you can certainly use a single USB device.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm,
has survived for centuries without smileys. Only the new crop of
modern computer geeks finds it impossible to detect a joke that
is not clearly labeled as such."
Ray Shea

"Paul Adare" wrote:
> Secondly, if you're using a USB device to store the key, then you do not
> need a separate USB device for each key. You can store multiple
> keys on a single USB device.

Thank you Paul! That answered my question.

"Paul Adare" <padare@newsguy.com> wrote in message
news:MPG.202fc3d9eacff16998a3d7@msnews.microsoft.com...
> In article <72FF4DFD-2112-4A3D-9AD7-F02B308B5FE1@microsoft.com>,
> in the microsoft.public.windows.vista.security news group, =?
> Utf-8?B?Sm9uYXRoYW4gU2Nod2FydHogMg==?= <JonathanSchwartz2
> @discussions.microsoft.com> says...
>
>> Hello Thomas D.,
>>
>> First, a TPM Module is -not- absolutely necessary.
>>
>> Second, must have one TPM+PIN+USB-key for each HDD that has BitLocker
>> Activated. <(that statement is greatly condensed!)
>
> This is wrong. In the first place, you can't currently use both
> a TPM with a PIN and store the encryption key on a USB disk. The
> TPM+PIN+USB feature is being looked at for Vista SP1. Secondly,
> if you're using a USB device to store the key, then you do not
> need a separate USB device for each key. You can store multiple
> keys on a single USB device.


Please tell me they're also working on "PIN+USB" for those of us without a
TPM in our existing laptops.

I'm _so_ not going to tell my corporate masters that they need to replace
several hundred laptops over the coming year before we implement Vista, not
because they can't run Vista, but because Vista's implementation of
BitLocker doesn't let them use a PIN without a TPM.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

"Alun Jones [MS-MVP - Windows Security]" <alun@texis.invalid> wrote

> "Paul Adare" <padare@newsguy.com> wrote

>> <JonathanSchwartz2> says...
>>
>>> Hello Thomas D.,
>>>
>>> First, a TPM Module is -not- absolutely necessary.
>>>
>>> Second, must have one TPM+PIN+USB-key for each HDD that has BitLocker
>>> Activated. <(that statement is greatly condensed!)
>>
>> This is wrong. In the first place, you can't currently use both
>> a TPM with a PIN and store the encryption key on a USB disk. The
>> TPM+PIN+USB feature is being looked at for Vista SP1. Secondly,
>> if you're using a USB device to store the key, then you do not
>> need a separate USB device for each key. You can store multiple
>> keys on a single USB device.
>
> Please tell me they're also working on "PIN+USB" for those of us without a
> TPM in our existing laptops.
>
> I'm _so_ not going to tell my corporate masters that they need to replace
> several hundred laptops over the coming year before we implement Vista,
> not because they can't run Vista, but because Vista's implementation of
> BitLocker doesn't let them use a PIN without a TPM.

Yes bitlocker works with a PIN and USB. You don't need TPM, but the BIOS
has to support recognizing the USB flash drive as it boots. Set it up using
method 3 in this link.

http://technet.microsoft.com/en-us/w.../aa905089.aspx

--
Rock [MS-MVP User/Shell]

In article <uso4$PiTHHA.5060@TK2MSFTNGP02.phx.gbl>, in the
microsoft.public.windows.vista.security news group, Rock
<Rock@nospam.net> says...

> Yes bitlocker works with a PIN and USB. You don't need TPM, but the BIOS
> has to support recognizing the USB flash drive as it boots. Set it up using
> method 3 in this link.
>
> http://technet.microsoft.com/en-us/w.../aa905089.aspx
>

Sorry, but that isn't what Alun was asking for and doesn't
provide you with a PIN. All that does is to store the encryption
key on the USB device, no PIN involved.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm,
has survived for centuries without smileys. Only the new crop of
modern computer geeks finds it impossible to detect a joke that
is not clearly labeled as such."
Ray Shea

"Paul Adare" <padare@newsguy.com> wrote

> Rock says...
>
>> Yes bitlocker works with a PIN and USB. You don't need TPM, but the BIOS
>> has to support recognizing the USB flash drive as it boots. Set it up
>> using
>> method 3 in this link.
>>
>> http://technet.microsoft.com/en-us/w.../aa905089.aspx
>>
>
> Sorry, but that isn't what Alun was asking for and doesn't
> provide you with a PIN. All that does is to store the encryption
> key on the USB device, no PIN involved.

Ah, sorry about that, I misinterpreted.

--
Rock [MS-MVP User/Shell]