Forcing bitlocker to automatically unlock a drive?
You can protect your OS drive with bitlocker using a password. This is similar to a PIN except there is no tpm. You will need to enable your local policy to allow non-tpm protection. See
http://www.techrepublic.com/blog/networking/configure-bitlocker-encryption-on-non-tpm-windows-systems/2248 for a description.
Once your OS drive is bitlocker protected then you can use "autounlock" to automatically unlock your fixed data drive.
Andrew
November 8th, 2011 2:46am
To use the auto-unlock feature in BitLocker for a fixed data drive, the OS drive has to be encrypted with BitLocker encryption.
If the OS drive is not encrypted with BitLocker, then the auto-unlock feature is greyed out.
There are 5 allowed protectors for BitLocker:
TPM, TPM+PIN, TPM+PIN+USB, TPM+USB and USB only.
So if you want to use PIN as a protector it only exists with TPM.
What you want is to start machine with a USB key and then enter a PIN - this is not possible with bitlocker.
I hope this helps you.
Manoj Sehgal
November 27th, 2011 11:10am
There is no way to fake a drive and think it is removable.
The way PIN works is in combination with TPM only.
If you read the architecture, then you will understand how TPM + PIN works.
http://technet.microsoft.com/en-us/library/cc732774(WS.10).aspx
Manoj Sehgal
November 27th, 2011 5:18pm
Hi, I've recently been trying to encrypt my computer for the extra security, but I noticed that I can't use a startup PIN without a TPM, so I decided I would use TrueCrypt for encrypting my OS drive, and Bitlocker to encrypt my secondary HDD.
Why not TrueCrypt for both, you may ask? Well, Acronis backup apparently incorrectly thinks that when my secondary HDD is encrypted by TrueCrypt, it's a big slab of raw data, rather than a mounted encrypted drive. (It even says it's F:\ when the encrypted drive itself shouldn't have a drive letter.)
Is there any way I can get BitLocker to force automatic unlocking of a fixed data drive, or somehow trick it into thinking it's a portable drive?
Even better would be a way to force BitLocker to have a startup PIN without a TPM (even if I had to use USB as a replacement for the TPM, and then enter a PIN code that'd be fine as well.)
Any other solutions are also welcome to be posted, thanks for any help given!
November 27th, 2011 5:40pm
You can protect your OS drive with bitlocker using a password. This is similar to a PIN except there is no tpm. You will need to enable your local policy to allow non-tpm protection. See
http://www.techrepublic.com/blog/networking/configure-bitlocker-encryption-on-non-tpm-windows-systems/2248 for a description.
Once your OS drive is bitlocker protected then you can use "autounlock" to automatically unlock your fixed data drive.
Andrew
November 27th, 2011 7:12pm
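The auto-unlock step described in the answer above, as an added example that is not part of the original thread: a PowerShell check of the precondition (OS volume protected by BitLocker) followed by enabling auto-unlock on the data drive. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later), an elevated session, and `F:` as the data drive letter.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# On Windows 7 the equivalent final step is: manage-bde -autounlock -enable F:
$DataDrive = 'F:'   # assumption: letter of the fixed data drive

# Precondition from the thread: auto-unlock is only offered when the OS
# volume itself is protected by BitLocker.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($os.ProtectionStatus -ne 'On') {
    throw "OS volume $($os.MountPoint) is not BitLocker-protected " +
          "(volume status: $($os.VolumeStatus)); auto-unlock is unavailable."
}

$data = Get-BitLockerVolume -MountPoint $DataDrive
if ($data.VolumeType -ne 'Data') {
    throw "$DataDrive is not a data volume (type: $($data.VolumeType))."
}
if ($data.VolumeStatus -eq 'FullyDecrypted') {
    throw "$DataDrive is not encrypted; encrypt it with BitLocker first."
}
if ($data.LockStatus -eq 'Locked') {
    # The volume must be unlocked once (password or recovery key) before
    # an auto-unlock key can be added to it.
    throw "$DataDrive is locked; unlock it with Unlock-BitLocker first."
}

if (-not $data.AutoUnlockEnabled) {
    # Adds an external-key protector to the data volume and stores that key
    # on the BitLocker-protected OS volume.
    Enable-BitLockerAutoUnlock -MountPoint $DataDrive | Out-Null
}

# Report the resulting state, including which protectors the volume now has.
Get-BitLockerVolume -MountPoint $DataDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, AutoUnlockEnabled,
        @{ Name = 'Protectors'
           Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

Because the auto-unlock key is kept on the OS volume, the data drive is only as well protected as the OS volume's own protector.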
So there is no way to force it to automatically unlock a fixed data drive, nor to fake it into thinking it's a removable one? A bit lame for Microsoft not to add non-TPM PIN functionality.
November 27th, 2011 10:41pm