Bitlocker and TMP

I have a machine with a TMP 1.2 that will allow Bitlocker to be turned on.
However, I would like to use only a USB to Bitlock the system partition. I
enabled USB through the Group Policies, but it appears that I can only use
the USB in conjunction with the TPM. I was told that there is a Registry
setting that can allow me to use only the USB even though there is an enabled
TPM 1.2 chip on the board. Is there such a setting and what is it?

Alternatively, I imagine that I could disable the TPM in the BIOS, but I
haven't tried this as it would be my least desired method.

Any help appreciated.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tazinfo wrote:

> I have a machine with a TMP 1.2 that will allow Bitlocker to be turned on.
> However, I would like to use only a USB to Bitlock the system partition. I
> enabled USB through the Group Policies, but it appears that I can only use
> the USB in conjunction with the TPM. I was told that there is a Registry
> setting that can allow me to use only the USB even though there is an enabled
> TPM 1.2 chip on the board. Is there such a setting and what is it?
>
> Alternatively, I imagine that I could disable the TPM in the BIOS, but I
> haven't tried this as it would be my least desired method.
>
> Any help appreciated.

I think you need to disable the TMP so bitlocker cannot see it.
I don't understand why you don't want to disable it if you are sure you
don't want to use it?
BTW I use bitlocker with a usb key...works great.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGcCHBqDp2fu862vwRAsChAKCLLG0Na+RzRxhLkyS7HKrxA9qgkgCfflfm
DHA9lXu68yiS0PU6e4ioc9o=
=hmFu
-----END PGP SIGNATURE-----

"Richard" wrote:

>
> I think you need to disable the TMP so bitlocker cannot see it.
> I don't understand why you don't want to disable it if you are sure you
> don't want to use it?
> BTW I use bitlocker with a usb key...works great.


Thanks,

I tried that both in the BIOS and through the TPM Management (from the
Bitlocker screen). When I click "Turn on Bitlocker," I get the message
telling me that this computer requires the TPM to be enabled. BTW, in the
Group Policy, I disallowed "startup key with TPM" and "startup PIN with TPM."

I have used Bitlocker with a USB key on other machines and it does work great.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tazinfo wrote:
>
> "Richard" wrote:
>
>> I think you need to disable the TMP so bitlocker cannot see it.
>> I don't understand why you don't want to disable it if you are sure you
>> don't want to use it?
>> BTW I use bitlocker with a usb key...works great.
>
>
> Thanks,
>
> I tried that both in the BIOS and through the TPM Management (from the
> Bitlocker screen). When I click "Turn on Bitlocker," I get the message
> telling me that this computer requires the TPM to be enabled. BTW, in the
> Group Policy, I disallowed "startup key with TPM" and "startup PIN with TPM."
>
> I have used Bitlocker with a USB key on other machines and it does work great.

Sorry, then I cannot help further.
I thought you would be able to disable the TPM in the BIOS.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGcEMcqDp2fu862vwRAqTfAKCEGV8ofcui1hGyjSve4q1lNVZZaACfWLCy
LsrCCJy1EFLVTwttk1avtIE=
=waIH
-----END PGP SIGNATURE-----

"Richard" wrote:


> Sorry, then I cannot help further.
> I thought you would be able to disable the TPM in the BIOS.
>

Thanks anyway. My curent thought is that the TPM was enabled when I
installed VISTA and a Registry was set indication a compatible TPM is present
in the machine. I could try to re-install VISTA with the TPM in the disabled
state and see if that makes a difference, but if I can find any such Registry
key, it would save me the effort.

Tazinfo:
If you go into gpedit.msc, Windows Components, BitLocker drive
encryption, right click control panel setup: enable advanced startup
options, properties. You should be able create or skip TPM options. Have a
great day.

--
Dennis Pack
XP x64, Vista Enterprise x64
Office Prof. Plus 2007
"Tazinfo" <Tazinfo@discussions.microsoft.com> wrote in message
news:9E68EBA5-43B9-4F0E-9756-465C088C3415@microsoft.com...
>
>
> "Richard" wrote:
>
>
>> Sorry, then I cannot help further.
>> I thought you would be able to disable the TPM in the BIOS.
>>
>
> Thanks anyway. My curent thought is that the TPM was enabled when I
> installed VISTA and a Registry was set indication a compatible TPM is
> present
> in the machine. I could try to re-install VISTA with the TPM in the
> disabled
> state and see if that makes a difference, but if I can find any such
> Registry
> key, it would save me the effort.

Tazinfo schrieb:

> I have a machine with a TMP 1.2 that will allow Bitlocker to be turned on.
> However, I would like to use only a USB to Bitlock the system partition. I
> enabled USB through the Group Policies, but it appears that I can only use
> the USB in conjunction with the TPM. I was told that there is a Registry
> setting that can allow me to use only the USB even though there is an enabled
> TPM 1.2 chip on the board. Is there such a setting and what is it?

That should not be a big problem if you use the manage-bde.wsf script on
the command-line instead of this incomplete GUI. With this scriipt you can
add/delete as many "protectors" (passwords, externals keys or tpm based
keys for starting up) as you want.

Robert