You will not get the option to reset Pin in bitlocker when using TPM+PIN+StartupKey protectors in vista sp1
Aah i dont write blogs in such a nice format but this was written for an another document and i am putting same copy-paste here to save time.Hope this helps.
=======
SYMPTOMS
When you are using TPM+PIN+StartupKey protector on vista sp1 bitlocker enabled vista client you will not get the option to reset the pin when you go to Bitlocker drive encryption applet in control panel. The only option you receive when you choose "select keys to manage" is duplicate the recovery passowrd.
CAUSE
This is by design. Please use manage-bde.wsf to delete the exiting TPM+PIN+StartupKey protector and then add a new one if you need to reset the PIN. The GUI shows resetting PIN option only when there is a TPM+PIN protector.
RESOLUTION
1 Open the command prompt with administrator privilege.
2 Type:- cd c:\windows\system32
3 Type:- cscript manage-bde.wsf -protectors -delete c: (where c: is the volume being protected)
4 This command will remove all key protectors unless you provide additional parameters.
5 Press enter
6 Type :- cscript manage-bde.wsf -protectors -add (volume to be protected, for eg. c: ) -rp -rk (volume to store recovery key, for eg. f:) -tpsk -tp (pin that you want to be set for eg. 1234) -tsk (volume where you want to store the startup key for eg. g:)
7 Finally the command will appear as:- cscript manage-bde.wsf -protectors -add c: -rp -rk f: -tpsk -tp 1234 -tsk g:
8 You have sucessfully reset the pin.
======
The Information provided here is "AS IS"
Gaurav Anand
Comments
Anonymous
January 01, 2003
Thanks so much for this post. I guess that the TPM + Startup Key + PIN combination isn't too common. Nonetheless, I hope that support for it via Control Panel is introduced into Vista and Windows 7.Anonymous
February 14, 2010
regsterfor pin-------(mufp35qe)Anonymous
February 14, 2010
regsterwindowsvistasp1 ultimaet----for pin----------(MUFP35QE) OBAIDA2011@YAHOO.COM