Teemo's link goes far beyond what's really needed.
To have an additional method to start your pc, you simply boot windows, connect the stick (let it mount as x:, maybe) and then open an elevated command prompt and go
manage-bde -protectors c: -add s-k x:\
That command saves a startup key to your USB drive which will then allow to start without entering the PIN, when connected.
Bitlocker and TPM with USB Stick
Hi,
I am using Bitlocker on Windows 10 Enterprise. and on every boot I have to put the PIN. That is what I want. But how can I do that with a USB stick without put any PIN?
I mean fro Administrator is a easy way.
Regards
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
2 answers
Sort by: Most helpful
-
Anonymous
2020-08-07T07:50:09.493+00:00 -
Teemo Tang 11,466 Reputation points
2020-08-06T02:47:29.733+00:00 One thing we need to know: if one authentication method is required, the other methods cannot be allowed.
Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
Detailed steps here:
How to Use a USB Key to Unlock a BitLocker-Encrypted PC
https://www.howtogeek.com/262744/how-to-use-a-usb-key-to-unlock-a-bitlocker-encrypted-pc/
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.