Bitlocker with USB key instead of TPM - TPM Incompatible
Hi, I have BitLocker set up and running with MBAM. Generally it's working very well and I'm pleased with it. The machines with TPM chips have had encryption triggered through MBAM and those without have had it configured manually using a USB startup key. I have one problem machine though, an old Toshiba Tecra M5. This has a TPM 1.2 but from reading forums elsewhere apparently the BIOS predates BitLocker and is not compatible. Toshiba haven't published an updated BIOS, although they could be updated by returning them to a Toshiba service centre. Trying to enable BitLocker with the TPM route fails then due to the BIOS problem. If I try to manually enable BitLocker in the same way as I've done with the non-TPM machines it doesn't offer me the USB key option as it detects the TPM module. I've tried disabling the TPM in the BIOS and uninstalling it in Device Manager but it reappears after a reboot. Is there anything I can do to force BitLocker to ignore the TPM and encrypt using a USB key instead? Thanks, Tim
February 8th, 2012 9:16am

Hi, Did you check if this computer can read from a USB device during the boot process? Did you enable the related settings? Please refer to the following information:

Can I use BitLocker on an operating system drive without a TPM version 1.2? Yes, you can enable BitLocker on an operating system drive without a TPM version 1.2, if the BIOS has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements. To enable BitLocker on a computer without a TPM, you must enable the "Require additional authentication at setup" Group Policy setting, which is located in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives. You must select the "Allow BitLocker without a compatible TPM" check box. After this setting is applied to the local computer, the non-TPM settings appear in the BitLocker setup wizard. See "Can I use BitLocker on a computer without a TPM 1.2?"

Regards, Sabrina, TechNet Community Support
February 8th, 2012 10:28pm

Hi Sabrina, Thanks - but I've done all that. BitLocker is working with laptops without TPMs. The problem is that when you try to encrypt the C: drive, because it detects the TPM it doesn't offer the option of using a USB key. Tim
February 9th, 2012 5:20am

Hi, What about configuring BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard to test this issue? See: Enabling BitLocker by Using the Command Line. Also, you may try to use the script stated in the following similar thread to test: http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/9734801b-e30c-4fcf-848c-5dabdabc23f9

Regards, Sabrina, TechNet Community Support
February 10th, 2012 2:58am
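The manage-bde route suggested above, written out as an added example. This is not the script from the linked thread and not the original poster's code; it assumes the OS volume is C:, the USB stick is mounted as E:\, Windows 7 with BitLocker installed, and an elevated PowerShell prompt. It sets the "Require additional authentication at startup" policy through its registry values, adds a recovery-password protector and a USB startup-key protector directly (so the wizard's TPM detection never runs), and then turns BitLocker on with the hardware test left enabled so the BIOS's ability to read the key at boot is verified before the volume is actually sealed.

```powershell
# Added example: enable BitLocker on an OS drive with a USB startup key via manage-bde,
# bypassing the setup wizard that refuses to offer the USB option when a TPM is present.
# Assumptions (not from the thread): OS volume C:, USB startup key drive E:\, elevated shell.
$OsDrive  = 'C:'
$UsbDrive = 'E:\'

function Invoke-ManageBde {
    # Run manage-bde, echo its output, and stop on a non-zero exit code so a
    # failed step (for example a protector that could not be added) is not
    # silently followed by "manage-bde -on".
    param([string[]]$ArgumentList)
    $out = & manage-bde @ArgumentList 2>&1 | Out-String
    Write-Host $out
    if ($LASTEXITCODE -ne 0) { throw "manage-bde $($ArgumentList -join ' ') failed ($LASTEXITCODE)" }
    return $out
}

# 1. Policy: "Require additional authentication at startup" +
#    "Allow BitLocker without a compatible TPM". These registry values are what
#    the Group Policy setting writes; in a domain a GPO would normally deliver them.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty -Path $fve -Name 'UseAdvancedStartup' -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name 'EnableBDEWithNoTPM' -Value 1 -Type DWord
# Optional (assumption): the same policy's "Configure TPM startup" dropdown maps to
# UseTPM; 0 = "Do not allow TPM". Uncomment if the TPM protector must be excluded
# entirely on a machine whose BIOS cannot drive the TPM.
# Set-ItemProperty -Path $fve -Name 'UseTPM' -Value 0 -Type DWord

# 2. Sanity check: the startup-key drive must be present and writable.
if (-not (Test-Path $UsbDrive)) { throw "USB startup key drive $UsbDrive not found" }

# 3. Add a recovery password first. manage-bde prints the 48-digit password;
#    capture it and escrow it (MBAM / AD) before encryption starts - a USB-key-only
#    machine with a lost stick is otherwise unrecoverable.
$recovery = Invoke-ManageBde -ArgumentList @('-protectors', '-add', $OsDrive, '-RecoveryPassword')
$recoveryPassword = ($recovery -split "`r?`n" | Where-Object { $_ -match '^\s*\d{6}(-\d{6}){7}\s*$' } |
                     ForEach-Object { $_.Trim() } | Select-Object -First 1)
if (-not $recoveryPassword) { throw 'Recovery password not found in manage-bde output' }
Write-Host "Escrow this recovery password before continuing: $recoveryPassword"

# 4. Add the USB startup key protector. The .BEK file is written to the USB drive.
Invoke-ManageBde -ArgumentList @('-protectors', '-add', $OsDrive, '-StartupKey', $UsbDrive) | Out-Null

# 5. Turn BitLocker on. Deliberately NOT passing -SkipHardwareTest: BitLocker will
#    reboot once and confirm the BIOS can read the key from the stick before encrypting.
#    Without a TPM there is no boot-integrity measurement; the key on the stick is the
#    only thing gating the volume master key, so treat the stick like a credential.
Invoke-ManageBde -ArgumentList @('-on', $OsDrive) | Out-Null

# 6. Report the resulting protector list and volume state.
Invoke-ManageBde -ArgumentList @('-protectors', '-get', $OsDrive) | Out-Null
Invoke-ManageBde -ArgumentList @('-status', $OsDrive) | Out-Null
```

After the verification reboot, `manage-bde -status C:` should show "Encryption in Progress" and `manage-bde -protectors -get C:` should list only the Numerical Password and External Key protectors; if a TPM protector appears, remove it with `manage-bde -protectors -delete C: -type TPM` before the hardware test runs, since a TPM the BIOS cannot initialise will fail the check.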

Hi, How are you? I would appreciate it if you could drop me a note to let me know the status of the issue. If you have any questions or concerns, please feel free to let me know. I am happy to be of further assistance.

Regards, Sabrina, TechNet Community Support
February 15th, 2012 1:57am
