Bitlocker installed but not working
I have Windows 7 Ultimate, 64 bit installed on my Lenovo R61, which has TPM. After installing Bitlocker, encrypting the drive and rebooting, the drive shows the 'bitlocker locked' icon but I have unfettered access to all data on the drive without having to enter any password (I wasn't asked to insert a password during installation) or insert the USB stick containing the recovery key generated during installation.

In attempts to identify the problem I twice successfully encrypted and decrypted the system. At no stage during the processes did Bitlocker identify any problems with encryption and each time successfully completed a check on my system's suitability for Bitlocker installation prior to starting encryption.

To summarise, based on the Bitlocker icon associated with the 'c' drive where all data and programs are stored, Bitlocker was successfully installed and is operating but it is providing no protection at all, i.e. all data is accessible and can be read and modified without any passwords, keys, etc. Are there any system settings that I should check to see if they are compatible with Bitlocker?

Regards, zestron
August 26th, 2010 2:41am

Hello Zestron,

Unless you set your system to have a startup PIN via "manage-bde -protectors -add c: -TPMAndPIN", you will not have any type of "password, key, etc." because it is all handled by your TPM chip. If you were to take out the hard drive and place it into another machine, then you would need the recovery key. Likewise, if someone were to tamper with the boot configuration in any of several different ways, it would kick off Bitlocker protection and require the recovery key. Your machine and Bitlocker are working as designed.

Thanks,
Tanner
--- This is posted as-is and has no warranty or guarantee ---
August 26th, 2010 7:22am
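
The difference Tanner describes between a TPM-only protector and a TPM+PIN protector can be read straight from the volume's key protector list. The following PowerShell check is an added example, not part of the thread or of any poster's reply; it assumes the Win32_EncryptableVolume WMI class available on BitLocker-capable Windows editions and an elevated prompt, and the function names are hypothetical.

```powershell
# Added example; function names are hypothetical. Run from an elevated prompt.
# Type codes are those returned by Win32_EncryptableVolume.GetKeyProtectorType.
$ProtectorNames = @{
    1 = 'TPM'; 2 = 'External key'; 3 = 'Numerical password'
    4 = 'TPM And PIN'; 5 = 'TPM And Startup Key'; 6 = 'TPM And PIN And Startup Key'
}

function Get-ProtectorTypes {
    param([string]$DriveLetter = 'C:')
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
    if (-not $vol) { throw "No BitLocker volume object for $DriveLetter (elevated prompt?)" }
    # KeyProtectorType 0 enumerates protectors of every type.
    foreach ($id in $vol.GetKeyProtectors(0).VolumeKeyProtectorID) {
        [int]$vol.GetKeyProtectorType($id).KeyProtectorType
    }
}

function Get-StartupAuthSummary {
    param([int[]]$Types)
    $names = @($Types | ForEach-Object {
        if ($ProtectorNames.ContainsKey($_)) { $ProtectorNames[$_] } else { "Type $_" }
    })
    # Types 4-6 bind the TPM's release of the key to a PIN and/or a USB startup key.
    $preBoot = @($Types | Where-Object { (4, 5, 6) -contains $_ }).Count -gt 0
    if ($preBoot) {
        $verdict = 'Drive unlocks at boot only after the PIN and/or startup key is supplied.'
    } elseif ($Types -contains 1) {
        $verdict = 'TPM-only: drive unlocks at boot with no user input; ' +
                   'Windows logon is the only prompt.'
    } else {
        $verdict = 'No TPM protector: unlocking needs an external key or recovery password.'
    }
    New-Object PSObject -Property @{
        Protectors = $names -join ', '; PreBootAuth = $preBoot; Verdict = $verdict
    }
}

# Constructed sample matching the thread: TPM plus a USB recovery key.
Get-StartupAuthSummary -Types 1, 2 | Format-List

# Live check of the OS volume (uncomment on the machine being audited):
# Get-StartupAuthSummary -Types (Get-ProtectorTypes 'C:') | Format-List
```

For the constructed sample, PreBootAuth is False; after the "manage-bde -protectors -add c: -TPMAndPIN" command from the reply above succeeds, the live check should list a TPM And PIN protector and report True.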

Hi Tanner, Many thanks for your explanation. If I understand you correctly, the default state of a system with TPM is NOT to require a password, key, etc. and if I want one I need to 'reset' my system accordingly. I'll try to work out how to 'reset' my system, but it strikes me as odd that the default installation process for Bitlocker gives no protection against the most common cause of info loss with notebooks, i.e. lost or stolen equipment, and also that Bitlocker doesn't highlight that vulnerability to the user in some way during installation. Is this really the case or have I missed something? Regards, zestron
August 27th, 2010 8:50am

Hi Zestron,

I agree with Tanner. You may refer to the paragraph in the following article:

Help protect your files using BitLocker Drive Encryption

If you encrypt the operating system drive, BitLocker checks the computer during startup for any conditions that could represent a security risk (for example, a change to the BIOS or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and require a special BitLocker recovery key to unlock it. Make sure that you create this recovery key when you turn on BitLocker for the first time; otherwise, you could permanently lose access to your files.

If your computer has the Trusted Platform Module (TPM) chip, BitLocker uses it to seal the keys that are used to unlock the encrypted operating system drive. When you start your computer, BitLocker asks the TPM for the keys to the drive and unlocks it.

Regards,
Sabrina

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 27th, 2010 12:17pm

Hi, thanks for the comments and apologies for the delay in responding.

I now understand that the Bitlocker+TPM combination alone will not provide protection against someone accessing the HD contents if they get hold of my laptop and that I therefore need an additional security layer. My understanding is that a 'Windows Login' password alone is inadequate as it can be relatively easily broken/accessed using various attack methods. However, I also understand that attack methods typically change/access BIOS and other settings on the computer. So the question is 'would these attempted attacks trigger Bitlocker to lock the computer?' If they do, a good Windows Login password in combination with Bitlocker+TPM would provide a good measure of security. Does this theory match reality?

Regards, zestron
September 19th, 2010 6:28pm

This topic is archived. No further replies will be accepted.
