Solved

Bitlocker---Trying to get it installed

Posted on 2013-06-04
18
379 Views
Last Modified: 2013-06-10
Have a "image" in SCCM.
We put the Win 7 Enterprise image on a bunch of craptops, and now we want bitlocker on them
The laptops have ONE drive (c:)

we try to run bitocker and it said we needed tpm...fine, we turn it on in the BIOS.
reboot and bitlocker runs, creates a key and creates a 300 meg partition but it goes no further
when we go into the TPM, the top two choices are greyed out.

we are just trying to do a "local" bitlocker with the key copy to desktop and a memory stick
Eventually we will use a server for that
0
Comment
Question by:DCrats
  • 10
  • 8
18 Comments
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 39220206
Hi.

> ...bitlocker runs, creates a key and creates a 300 meg partition but it goes no further
What should that mean, where exactly does it stop, what message do you encounter?
> bitlocker with the key copy to desktop and a memory stick
Bitlocker without using a TPM can be done. Look at this: http://www.7tutorials.com/how-enable-bitlocker-without-tpm-chip-windows-7-windows-8
0
 

Author Comment

by:DCrats
ID: 39222367
I guess the issue is that TPM is not initializing (greyed out)
this is local PC--not trying to use network setup or anything
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39222572
Hmm... I wonder if Windows really does not tell you what to do with the TPM. Well, anyway, what about using the second option I described, the memory stick?
0
 

Author Comment

by:DCrats
ID: 39222597
we saved the "key" to memory stick and locally...
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39222656
You did not read my link, did you?
In it, there is explained how to adjust one local policy and afterwards how to use the memory stick. No TPM needed that way. Read it, do it and you're good.
0
 

Author Comment

by:DCrats
ID: 39222733
We actually WANT to use TPM, but just do it standalone for now for testing.
Note: it appears TPM is working


How do you set a "decryption" password?



thanks -- that link did have some good info!!!!
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39223612
> How do you set a "decryption" password?
The decryption is possible after the drive is mounted, no special password needed.
But why decrypt, let's first encrypt :)

When I used a TPM with Bitlocker on vista 6 years ago, all I had to do was activate the TPM and tell Bitlocker to encrypt, that was all. Could you please screenshot the last screen you see until your try to encrypt goes no further and upload it here?
0
 

Author Comment

by:DCrats
ID: 39223712
WEll, I think we got it to encrypt :)  But we need a password on these to ensure the average user dosent de-crypt it.
Unfortunatley, because of some of our crap software, everyone needs to be admins...but that's another story.

Can we set a password on bitlocker to keep the user from de-crypting?
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39223951
No, you can't. Admins can't be stopped here.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:DCrats
ID: 39225598
any way in group policy to lock it down to keem them from decrypting?
I don't believe that MS would allow anyone (even admins) to decrypt without a password...major security hole.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39226326
It is no major hole, come on... admins can format the whole disk, so why try to keep them from encrypting it? Admins need to be trusted. Not a single GPO would apply if admins wanted to.

Sorry, no GPOs for that.
0
 

Author Comment

by:DCrats
ID: 39226741
These are LOCAL admins...and we don't want them de-crypting all wilily-nillie
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39227010
Yes, I was talking about local admins, too. Sorry, mit possible as there are no policies for it.
0
 

Author Comment

by:DCrats
ID: 39227092
I appreciate all your help on this....am reading up on how to set up a server to "manage" bitlocker on our clients...makes me want to drink.
0
 

Author Comment

by:DCrats
ID: 39227156
How about MBAM?
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39227350
Mbam does not offer further restrictions.
0
 

Author Comment

by:DCrats
ID: 39234446
ok---thanks for your help!
we will be goofing with this for a while I see.
0
 

Author Closing Comment

by:DCrats
ID: 39234448
good stuff
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
please tell me windows 1-10 7 62
How to open a zip file 4 63
Upgrade from Win7 Premium to Pro? 3 21
Deploying Windows 7 with MDT 4 16
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now