I should have some questions about optimal configuration of Bitlocker with EFS together professional finger print reader. a. -- The Bitlocker in Windows Seven Ultimate supports fingerprint readers with smart card for the Bitlocker log in ( TPM 1.2 + pin + usb key boot ) in way to use the fingerprint reader instead of pin ? the win. 7 ult. Supports fingerprint reader configured with bitlocker also for login board bios? b. -- The Bitlocker through the hardware and bios configuration’s checking carried out by TPM 1.2, check also the boot changing like the boot bios change? Also when someone try to get the board bios password through brute-force attack ? c. -- If Bitlocker is configured in win. 7 Ult. with TPM 1.2 +pin/fingerprint reader with s.c. + usb key boot if the owner lost the usb key boot is necessary the recovery using the recovery usb key for to generate a new usb key. Is the same for the pin loss and the owner will have need always of recovery usb key? d. -- For an optimal configuration finalized to get an further safety level with Encrypting File System, the Microsoft technet’s guide advice of delay the paging file to every re-boot, not enable the ”hibernation mode”, to enable the 3des crypting algorithm or to enable the “startup key protection”. All this configurations, can to generate conflicts with the Bitlocker configuration when it is used with TPM 1.2 +pin/fingerprint reader with s.c. + usb key boot? e. -- the usb key boot and the usb key recovery can to be stored on usb key with crypting algorithm AES 256 bit and RSA 2048 bit and to be encrypted on the key usb? f. – about the board intel DQ45CB it is supplied by factory with TPM 1.2 and with the chipset Intel Q45 Express. For to enable the tpm 1.2 I must purchase the chipset and ask to the desktop’s shop of install it on the board intel or is already included with the board? Many thanks for the answer Valrife

Hi Valrife, Thank you for your questions. We'd recommend that you start up a new thread for each question seperately. We generally focus on one topic in one thread because in this way it will be better for other community members to participate in the discussion, and to search/find specific answers more efficiently in the future. Your understanding is greatly appreciated. For Question a, please understand that fingerprint readers is logon oriented while Bitlocker to Go focus on accessing data on specific hard drive. There haven’t any information on the combination of both way. For general information, please visit: http://technet.microsoft.com/en-us/library/dd548337(WS.10).aspx Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, There is a solution which is very close to your requirement - biometrics USB Key, AES encryption. Please visit www.biocryptodisk.com/BSS.html for video demo. In addition, it offers USB end point solution to prevent anybody from duplicating your startup key at will. Good Luck!