BitLocker PIN code question
Hi all, I am testing BitLocker with OS drive encryption. If I use TPM + USB startup key + PIN code for startup authentication, does anyone know where this PIN code is stored? Is it stored on the C drive if this drive is encrypted? Besides, could this PIN code be managed by an IT administrator in an enterprise domain environment? If not, does it mean that those who will use the same encrypted laptop need to share this PIN code before they can boot the system successfully? I'll appreciate any help.
Scorprio | TechNet Software Assurance Managed Newsgroup | MCTS: Windows Vista | Exchange Server 2007 | MCITP: Enterprise Support Technician | Server & Enterprise Admin
August 9th, 2010 5:03am

Hi, I searched around on the Internet but cannot find anything helpful. Is there any Microsoft support person who can help me? Thanks in advance.
Scorprio | TechNet Software Assurance Managed Newsgroup | MCTS: Windows Vista | Exchange Server 2007 | MCITP: Enterprise Support Technician | Server & Enterprise Admin
August 10th, 2010 8:53am

Hi, I got some light from one of my colleagues who is familiar with BitLocker. When the PIN is entered, it is hashed and used as authentication data to the TPM, which will refuse to unlock the previously-sealed volume master key (VMK) if the PIN is incorrect. For management purposes, the hash of the PIN is stored on the encrypted volume and encrypted with the same key as the data on the volume; thus having access to the stored PIN requires having access to the drive. There is one PIN per machine. It can be managed via script using the Win32_EncryptableVolume WMI class.
Win32_EncryptableVolume Class: http://msdn.microsoft.com/en-us/library/aa376483(VS.85).aspx
By the way, the BitLocker technical overview on TechNet may be useful.
BitLocker Drive Encryption Technical Overview: http://technet.microsoft.com/en-us/library/cc732774(WS.10).aspx
Best Regards, Vincent Hu
August 10th, 2010 10:49am
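As an added example (not part of Vincent's reply or any Microsoft sample), this PowerShell script audits the key protectors on the OS volume through the Win32_EncryptableVolume WMI class he references, so an administrator can confirm whether a TPM+PIN protector is actually enforced. It assumes the OS volume is C:, that BitLocker is installed, and that the script runs elevated on the machine itself.

```powershell
# Added example: enumerate BitLocker key protectors on the OS volume via WMI.
# Assumes the OS volume is C: and the session is elevated (assumption, not from the thread).
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$driveLetter = 'C:'

# Protector type codes as returned by GetKeyProtectorType
$protectorNames = @{
    0 = 'Unknown / other'
    1 = 'TPM only'
    2 = 'External key (startup key or recovery key)'
    3 = 'Numerical password (recovery password)'
    4 = 'TPM and PIN'
    5 = 'TPM and startup key'
    6 = 'TPM, PIN and startup key'
    7 = 'Public key (certificate)'
    8 = 'Passphrase'
}

$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $driveLetter }
if (-not $vol) { throw "No encryptable volume found for $driveLetter" }

# 0 = protection off, 1 = protection on, 2 = unknown
$status = $vol.GetProtectionStatus().ProtectionStatus
Write-Host ("{0} protection status: {1}" -f $driveLetter, $status)

# GetKeyProtectors(0) returns the IDs of every protector regardless of type
$ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID
$pinBacked = $false
foreach ($id in $ids) {
    $type = $vol.GetKeyProtectorType($id).KeyProtectorType
    $name = $protectorNames[[int]$type]
    if (-not $name) { $name = "type $type" }
    Write-Host ("  {0}  {1}" -f $id, $name)
    if ($type -eq 4 -or $type -eq 6) { $pinBacked = $true }
}

# WMI exposes only the existence and type of each protector, never the PIN value:
# the PIN hash lives inside the encrypted volume and is checked by the TPM at boot.
if ($pinBacked) {
    Write-Host 'TPM+PIN protector present: everyone booting this machine must know the single machine PIN.'
} else {
    Write-Host 'No TPM+PIN protector: pre-boot PIN authentication is not enforced on this volume.'
}
```

The protector IDs printed here are what a management script passes to the class's other methods when rotating or removing a protector, which is how the per-machine PIN is administered centrally rather than read back.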

Hi Vincent, thank you very much for your kind response. As I understand from your description, one computer has one PIN, and the hash of the PIN is actually saved in the encrypted volume. Therefore, those who will use the same encrypted laptop need to share this PIN code.
Scorprio | TechNet Software Assurance Managed Newsgroup | MCTS: Windows Vista | Exchange Server 2007 | MCITP: Enterprise Support Technician | Server & Enterprise Admin
August 10th, 2010 11:22am
