Disabling boot component validation in Bitlocker
Juke, thanks for your information on this. If I do enable "Configure TPM protection validation profile" policy and check
only PCR 11, will it then disable boot component validation and enable only disk encryption? Thanks.
September 27th, 2012 9:38am
Since there's no easy way of figuring out why Bitlocker is going into recovery mode, we are considering disabling the boot component validation for Bitlocker and leverage only disk encryption. Either way, how can one disable the boot validation component
in Bitlocker. There doesn't seem to be any documentation on that. Is this the right way?
Windows Components\Bitlocker Drive Encryption\Operating System Drives\Configure TPM protection validation profile. Enable and uncheck all options from there.
Is this correct? And if so, does this mean that the disk will never go into recovery mode on that same machine provided that the TPM chip hasn't been tampered with?
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2012 10:24am
Hi,
If you disable or do not configure this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. Respectively, of the PCRs. For BitLocker protection to be enabled, the platform
validation profile must include PCR 11. Please decrypt the drives that are encrypted by Bitlocker before making this change. then uncheck every item except PCR 11.
Also, I would like to share the following document with you.
What causes BitLocker to start into recovery mode when attempting to start the operating system drive?
http://technet.microsoft.com/en-us/library/ee449438(v=ws.10).aspx#BKMK_examplesosrec
TechNet Subscriber Support
If you are
TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.
Juke Chou
TechNet Community Support
September 28th, 2012 4:08am
Hi,
I havenot tested it, but I found a thread that mentioned this issue. Please refer to the following post.
http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/66b8fa61-5603-4e9b-a7de-e8226086e568
Juke Chou
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
September 28th, 2012 4:38am