Vista - Bitlocker Question?

05-04-2007

I have Bitlocker enabled on my TPM laptop. It works great. My question is :
Can I now enable a PIN in addition to the TPM? I have found how to turn it
on via gpedit.msc

If I turn the advanced features on will it go into recovery mode? Or will it
just add the PIN?

Thanks

05-07-2007

Yes you can add a PIN now, but you have to do it from the command line. The
tool is called manage-bde.wsf. Here is the syntax you need:
C:\Windows\system32>cscript manage-bde.wsf -protectors -add /?
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

manage-bde -protectors -add Volume
[{-RecoveryPassword|-rp} [NumericalPassword]]
[{-RecoveryKey|-rk} PathToExternalKeyDirectory]
[{-StartupKey|-sk} PathToExternalKeyDirectory]
[-TPM]
[{-TPMAndPIN|-tp} PIN]
[{-TPMAndStartupKey|-tsk} PathToExternalKeyDirectory]
[{-ComputerName|-cn} ComputerName]
[{-?|/?}] [{-Help|-h}]

Description:
Adds key protection methods.

Parameter List:
Volume A drive letter followed by a colon. Example: "C:"
-RecoveryPassword or -rp
Adds a Numerical Password protector.
-RecoveryKey or -rk
Adds an External Key protector for recovery.
-StartupKey or -sk
Adds an External Key protector for startup.
-TPMAndPIN or -tp
Adds a TPM And PIN protector for the OS volume.
-TPMAndStartupKey or -tsk
Adds a TPM And Startup Key protector for the OS volume.
-tpm Adds a TPM protector for the OS volume.
-ComputerName or -cn
Runs on another computer. Examples: "ComputerX", "127.0.0.1"
-? or /? Displays brief help. Example: "-ParameterSet -?"
-Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
manage-bde -protectors -add e: -RecoveryPassword
manage-bde -protectors -add e: -rp -rk h:\
manage-bde -protectors -add e: -TPMAndPIN ...

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20

"Michael Price" wrote:

> I have Bitlocker enabled on my TPM laptop. It works great. My question is :
> Can I now enable a PIN in addition to the TPM? I have found how to turn it
> on via gpedit.msc
>
> If I turn the advanced features on will it go into recovery mode? Or will it
> just add the PIN?
>
> Thanks
>

05-04-2007	#1 (permalink)
Michael Price n/a posts	Bitlocker Question? I have Bitlocker enabled on my TPM laptop. It works great. My question is : Can I now enable a PIN in addition to the TPM? I have found how to turn it on via gpedit.msc If I turn the advanced features on will it go into recovery mode? Or will it just add the PIN? Thanks
My System Specs

05-07-2007	#2 (permalink)
Jesper n/a posts	RE: Bitlocker Question? Yes you can add a PIN now, but you have to do it from the command line. The tool is called manage-bde.wsf. Here is the syntax you need: C:\Windows\system32>cscript manage-bde.wsf -protectors -add /? Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. manage-bde -protectors -add Volume [{-RecoveryPassword\|-rp} [NumericalPassword]] [{-RecoveryKey\|-rk} PathToExternalKeyDirectory] [{-StartupKey\|-sk} PathToExternalKeyDirectory] [-TPM] [{-TPMAndPIN\|-tp} PIN] [{-TPMAndStartupKey\|-tsk} PathToExternalKeyDirectory] [{-ComputerName\|-cn} ComputerName] [{-?\|/?}] [{-Help\|-h}] Description: Adds key protection methods. Parameter List: Volume A drive letter followed by a colon. Example: "C:" -RecoveryPassword or -rp Adds a Numerical Password protector. -RecoveryKey or -rk Adds an External Key protector for recovery. -StartupKey or -sk Adds an External Key protector for startup. -TPMAndPIN or -tp Adds a TPM And PIN protector for the OS volume. -TPMAndStartupKey or -tsk Adds a TPM And Startup Key protector for the OS volume. -tpm Adds a TPM protector for the OS volume. -ComputerName or -cn Runs on another computer. Examples: "ComputerX", "127.0.0.1" -? or /? Displays brief help. Example: "-ParameterSet -?" -Help or -h Displays complete help. Example: "-ParameterSet -h" Examples: manage-bde -protectors -add e: -RecoveryPassword manage-bde -protectors -add e: -rp -rk h:\ manage-bde -protectors -add e: -TPMAndPIN ... --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "Michael Price" wrote: > I have Bitlocker enabled on my TPM laptop. It works great. My question is : > Can I now enable a PIN in addition to the TPM? I have found how to turn it > on via gpedit.msc > > If I turn the advanced features on will it go into recovery mode? Or will it > just add the PIN? > > Thanks >
My System Specs

Similar Threads
Thread	Forum
Bitlocker Question	Vista General
BitLocker question	Vista security
Windows Vista BitLocker Question!	Vista General
BitLocker Question	Vista General
BitLocker key change question	Vista security