Bitlocker and TPM with USB Stick

MPEG 336 Reputation points
2020-08-05T09:38:15.483+00:00

Hi,

I am using Bitlocker on Windows 10 Enterprise. and on every boot I have to put the PIN. That is what I want. But how can I do that with a USB stick without put any PIN?
I mean fro Administrator is a easy way.

Regards

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anonymous
    2020-08-07T07:50:09.493+00:00

    Teemo's link goes far beyond what's really needed.
    To have an additional method to start your pc, you simply boot windows, connect the stick (let it mount as x:, maybe) and then open an elevated command prompt and go
    manage-bde -protectors c: -add s-k x:\
    That command saves a startup key to your USB drive which will then allow to start without entering the PIN, when connected.

    1 person found this answer helpful.

  2. Teemo Tang 11,466 Reputation points
    2020-08-06T02:47:29.733+00:00

    One thing we need to know: if one authentication method is required, the other methods cannot be allowed.
    Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
    If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
    Detailed steps here:
    How to Use a USB Key to Unlock a BitLocker-Encrypted PC
    https://www.howtogeek.com/262744/how-to-use-a-usb-key-to-unlock-a-bitlocker-encrypted-pc/
    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.