Disabling boot component validation in Bitlocker
Juke, thanks for your information on this. If I do enable "Configure TPM protection validation profile" policy and check only PCR 11, will it then disable boot component validation and enable only disk encryption? Thanks.
September 27th, 2012 9:38am

Since there's no easy way of figuring out why Bitlocker is going into recovery mode, we are considering disabling the boot component validation for Bitlocker and leverage only disk encryption. Either way, how can one disable the boot validation component in Bitlocker. There doesn't seem to be any documentation on that. Is this the right way? Windows Components\Bitlocker Drive Encryption\Operating System Drives\Configure TPM protection validation profile. Enable and uncheck all options from there. Is this correct? And if so, does this mean that the disk will never go into recovery mode on that same machine provided that the TPM chip hasn't been tampered with?
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2012 10:24am

Hi, If you disable or do not configure this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. Respectively, of the PCRs. For BitLocker protection to be enabled, the platform validation profile must include PCR 11. Please decrypt the drives that are encrypted by Bitlocker before making this change. then uncheck every item except PCR 11. Also, I would like to share the following document with you. What causes BitLocker to start into recovery mode when attempting to start the operating system drive? http://technet.microsoft.com/en-us/library/ee449438(v=ws.10).aspx#BKMK_examplesosrec TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere. Juke Chou TechNet Community Support
September 28th, 2012 4:08am

Hi, I havenot tested it, but I found a thread that mentioned this issue. Please refer to the following post. http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/66b8fa61-5603-4e9b-a7de-e8226086e568 Juke Chou TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
September 28th, 2012 4:38am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics