Hello to everyone,
I am new here and "fresh" with BitLocker encryption. I need to encrpyt OS drive of laptop with Windows 8.1 and TPM chip. I have read few articles about encryption of OS drives with BitLocker ( with TPM / without TPM ) but never got a direct answer to my questions. So ... I want to ask:
1. Is it possible to encrypt the drive without using the TPM in case that there is TPM chip in the laptop because from what I have read BitLocker work with TPM by default but I don't want to use it. I have had already encrypt other laptops without TPM chips by setting up the group policies ( Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives and double click on Require additional authentication at startup ) and ... is it possible something like this to be made in this case ( when the laptop have TPM in it ).
What I want is the user to be asked for password on startup, recovery key to be saved to a file on external device( not to use usb flash drive as a key ) and to be possible simply to change my HDD in the future without need to manage TPM.
If this is not possible ... here is my second question:
2. Can I setup encryption with TPM like that:
- user to be asked for PASSWORD on startup
- recovery key to be saved to a file ( I don't want every time to use usb flash drive with recovery on it to unlock the drive ... what I want is just user to be asked for a password and when he enter the correct password the drive to be unlocked )
I apologise for my bad english and the long questions but I hope that someone can help me for this. Thanks in advance.
I am new here and "fresh" with BitLocker encryption. I need to encrpyt OS drive of laptop with Windows 8.1 and TPM chip. I have read few articles about encryption of OS drives with BitLocker ( with TPM / without TPM ) but never got a direct answer to my questions. So ... I want to ask:
1. Is it possible to encrypt the drive without using the TPM in case that there is TPM chip in the laptop because from what I have read BitLocker work with TPM by default but I don't want to use it. I have had already encrypt other laptops without TPM chips by setting up the group policies ( Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives and double click on Require additional authentication at startup ) and ... is it possible something like this to be made in this case ( when the laptop have TPM in it ).
What I want is the user to be asked for password on startup, recovery key to be saved to a file on external device( not to use usb flash drive as a key ) and to be possible simply to change my HDD in the future without need to manage TPM.
If this is not possible ... here is my second question:
2. Can I setup encryption with TPM like that:
- user to be asked for PASSWORD on startup
- recovery key to be saved to a file ( I don't want every time to use usb flash drive with recovery on it to unlock the drive ... what I want is just user to be asked for a password and when he enter the correct password the drive to be unlocked )
I apologise for my bad english and the long questions but I hope that someone can help me for this. Thanks in advance.
My Computer
System One
-
- OS
- Windows 7 Pro
- Computer type
- Laptop