awgit
asked on
Command Line to disable BitLocker Startup Pin
Using the command line to manage two features in BitLocker.
1. Enable startup pin once the volume is already encrypted.
2. Disable the pin that is enabled in #1
I have sucessfully performed step 1 by using the following:
cscript %systemroot%\system32\mana ge-bde.wsf -protectors -add %systemdrive% -tpmandpin 1234
When I try to remove it with the following...
cscript %systemroot%\system32\mana ge-bde.wsf -protectors -delete C: -Type TPMAndPin
I get the BitLocker recovery when I start the PC. Apparently I am not removing it correctly.... any ideas?
1. Enable startup pin once the volume is already encrypted.
2. Disable the pin that is enabled in #1
I have sucessfully performed step 1 by using the following:
cscript %systemroot%\system32\mana
When I try to remove it with the following...
cscript %systemroot%\system32\mana
I get the BitLocker recovery when I start the PC. Apparently I am not removing it correctly.... any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That I am not sure of, but you can try to find out.
Unfortunately my laptop does not support TPM so when I do bitlocker I have to store my decrypt key on a thumb drive. And while I like that as I feel it makes it more secure (just don't leave the thumb drive with the laptop) it has prevented me from getting experience with the TPM system.
eb
Unfortunately my laptop does not support TPM so when I do bitlocker I have to store my decrypt key on a thumb drive. And while I like that as I feel it makes it more secure (just don't leave the thumb drive with the laptop) it has prevented me from getting experience with the TPM system.
eb
After you delete the TPMandPIN data: cscript %systemroot%\system32\mana ge-bde.wsf -protectors -delete C: -Type TPMAndPin
You can then re-enable "just TPM' support without a PIN with the following:
cscript %systemroot%\system32\mana ge-bde.wsf -protectors -add %systemdrive% -tpm
You can then re-enable "just TPM' support without a PIN with the following:
cscript %systemroot%\system32\mana
It is faster to disable Bitlocker:
Disable:
cscript manage-bde.wsf -protectors -disable c:
Or try to show the pin:
Disable:
cscript manage-bde.wsf -protectors -disable c:
Or try to show the pin:
ASKER
thanks