Bitlocker with USB to TPM
I have a 2008 R2 server with BitLocker running using a USB drive as the startup key since the server does not have TPM installed. I now have the TPM installed, but what I cannot figure out is whether I need to decrypt everything first then re-encrypt using the TPM or if there is a way to move to the TPM as it is now.
Is there a way to move to the TPM as is or must I undo it all and start over?
Thanks for any advice.
July 21st, 2011 3:22pm
You can add the TPM as an additional protector to the drive using the "manage-bde -protectors -add" command and select from the following options:
-TPMAndPIN or -tp
Adds a TPM And PIN protector for the OS volume.
-TPMAndStartupKey or -tsk
Adds a TPM And Startup Key protector for the OS volume.
-TPMAndPINAndStartupKey or -tpsk
Adds a TPM And PIN And Startup Key protector for the OS volume.
-tpm
Adds a TPM protector for the OS volume.
After verifying the new protector works, you can just remove the old one.
/Hasain
July 21st, 2011 3:56pm
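The sequence described in the answer above (add the TPM protector, verify it, then remove the old one), as an added PowerShell example that is not part of the original thread. It assumes the OS volume is C: and that manage-bde prints English output; the function names are hypothetical, and the recovery-password check is an added precaution.

```powershell
# Added example, not from the thread. Run elevated on the server.
# Assumptions: OS volume is C:, manage-bde output is English.
param(
    [ValidateSet('AddTpm', 'RemoveStartupKey')]
    [string]$Phase = 'AddTpm',
    [string]$Volume = 'C:'
)

function Test-Protector([string]$Heading) {
    # manage-bde lists each protector under a heading line such as
    # "TPM:", "External Key:" or "Numerical Password:".
    $text = & manage-bde.exe -protectors -get $Volume | Out-String
    return $text -match "(?m)^\s*$([regex]::Escape($Heading)):\s*$"
}

function Invoke-Bde([string[]]$BdeArgs) {
    # Run manage-bde and stop on a non-zero exit code.
    & manage-bde.exe $BdeArgs
    if ($LASTEXITCODE -ne 0) { throw "manage-bde $BdeArgs failed ($LASTEXITCODE)" }
}

if ($Phase -eq 'AddTpm') {
    # Keep a recovery path that depends on neither the TPM nor the USB key.
    if (-not (Test-Protector 'Numerical Password')) {
        Invoke-Bde '-protectors', '-add', $Volume, '-RecoveryPassword'
    }
    if (-not (Test-Protector 'TPM')) {
        Invoke-Bde '-protectors', '-add', $Volume, '-tpm'
    }
    Invoke-Bde '-protectors', '-get', $Volume
    Write-Host 'Record the recovery password, then reboot WITHOUT the USB key to test the TPM.'
}
else {
    # Run this phase only after a successful boot without the USB key.
    if (-not (Test-Protector 'TPM')) { throw 'No TPM protector; keep the startup key.' }
    if (-not (Test-Protector 'Numerical Password')) { throw 'No recovery password; add one first.' }
    # -Type ExternalKey removes every external key on the volume, including
    # recovery keys saved as .BEK files, not only the startup key.
    Invoke-Bde '-protectors', '-delete', $Volume, '-Type', 'ExternalKey'
    Invoke-Bde '-protectors', '-get', $Volume
}
```

Run it once with the default phase, reboot with the USB drive removed, then run it again with `-Phase RemoveStartupKey`.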
Thank you very much Hasain. That worked perfectly.
July 21st, 2011 6:36pm