Forcing bitlocker to automatically unlock a drive?
You can protect your OS drive with bitlocker using a password. This is similar to a PIN except there is no tpm. You will need to enable your local policy to allow non-tpm protection. See http://www.techrepublic.com/blog/networking/configure-bitlocker-encryption-on-non-tpm-windows-systems/2248 for a description. Once your OS drive is bitlocker protected then you can use "autounlock" to automatically unlock your fixed data drive. Andrew
November 8th, 2011 2:46am

To use auto-unlock feature in bitlocker for fixed data drive, the OS drive has to be encrypted with bitlocker encryption. If OS drive is not encrypted with bitlocker then auto-unlock feature is greyed out. There are 5 Allowed protectors for bitlocker: TPM, TPM+PIN, TPM+PIN+USB, TPM+USB and USB only. So if you want to use PIN as a protector it only exists with TPM. What you want is to start machine with a USB key and then enter a PIN - this is not possible with bitlocker. I hope this helps you. Manoj Sehgal
Free Windows Admin Tool Kit Click here and download it now
November 27th, 2011 11:10am

There is no way to fake a drive and think it is removable. The way PIN works is with combination with TPM only. If you read the architecture, then you will understand how TPM + PIN works. http://technet.microsoft.com/en-us/library/cc732774(WS.10).aspx Manoj Sehgal
November 27th, 2011 5:18pm

Hi, I've recently been trying to encrypt my computer for the extra security, but I noticed that I can't use a startup PIN without a TPM, so I decided I would use TrueCrypt for encrypting my OS drive, and Bitlocker to encrypt my secondary HDD. Why not truecrypt for both, you may ask? Well, Acronis backup apparently incorrect thinks that when my secondary HDD is encrypted by truecrypt, it's a big slab of raw data, rather than a mounted encrypted drive. (Even say it's F:\ when the encrypted drive itself shouldn't have a drive letter.) Is there any way I can get BitLocker to force automatic unlocking of a fixed data drive, or somehow trick it into thinking it's a portable drive? Even better would be a way to force BitLocker to have a startup PIN without a TPM (even if I had to use USB as a replacement for the TPM, and then enter a PIN code that'd be fine as well.) Any other solutions are also welcome to be posted, thanks for any help given!
Free Windows Admin Tool Kit Click here and download it now
November 27th, 2011 5:40pm

You can protect your OS drive with bitlocker using a password. This is similar to a PIN except there is no tpm. You will need to enable your local policy to allow non-tpm protection. See http://www.techrepublic.com/blog/networking/configure-bitlocker-encryption-on-non-tpm-windows-systems/2248 for a description. Once your OS drive is bitlocker protected then you can use "autounlock" to automatically unlock your fixed data drive. Andrew
November 27th, 2011 7:12pm

So there is no way to force it to automatically unlock a fixed data drive, nor to fake it into thinking it's a removable one? A bit lame for Microsoft not to add non-TPM PIN functionality.
Free Windows Admin Tool Kit Click here and download it now
November 27th, 2011 10:41pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics