Bitlocker---Trying to get it installed

Have a "image" in SCCM.
We put the Win 7 Enterprise image on a bunch of craptops, and now we want bitlocker on them
The laptops have ONE drive (c:)

we try to run bitocker and it said we needed tpm...fine, we turn it on in the BIOS.
reboot and bitlocker runs, creates a key and creates a 300 meg partition but it goes no further
when we go into the TPM, the top two choices are greyed out.

we are just trying to do a "local" bitlocker with the key copy to desktop and a memory stick
Eventually we will use a server for that
DCratsAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
Hi.

> ...bitlocker runs, creates a key and creates a 300 meg partition but it goes no further
What should that mean, where exactly does it stop, what message do you encounter?
> bitlocker with the key copy to desktop and a memory stick
Bitlocker without using a TPM can be done. Look at this: http://www.7tutorials.com/how-enable-bitlocker-without-tpm-chip-windows-7-windows-8
0
 
DCratsAuthor Commented:
I guess the issue is that TPM is not initializing (greyed out)
this is local PC--not trying to use network setup or anything
0
 
McKnifeCommented:
Hmm... I wonder if Windows really does not tell you what to do with the TPM. Well, anyway, what about using the second option I described, the memory stick?
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
DCratsAuthor Commented:
we saved the "key" to memory stick and locally...
0
 
McKnifeCommented:
You did not read my link, did you?
In it, there is explained how to adjust one local policy and afterwards how to use the memory stick. No TPM needed that way. Read it, do it and you're good.
0
 
DCratsAuthor Commented:
We actually WANT to use TPM, but just do it standalone for now for testing.
Note: it appears TPM is working


How do you set a "decryption" password?



thanks -- that link did have some good info!!!!
0
 
McKnifeCommented:
> How do you set a "decryption" password?
The decryption is possible after the drive is mounted, no special password needed.
But why decrypt, let's first encrypt :)

When I used a TPM with Bitlocker on vista 6 years ago, all I had to do was activate the TPM and tell Bitlocker to encrypt, that was all. Could you please screenshot the last screen you see until your try to encrypt goes no further and upload it here?
0
 
DCratsAuthor Commented:
WEll, I think we got it to encrypt :)  But we need a password on these to ensure the average user dosent de-crypt it.
Unfortunatley, because of some of our crap software, everyone needs to be admins...but that's another story.

Can we set a password on bitlocker to keep the user from de-crypting?
0
 
McKnifeCommented:
No, you can't. Admins can't be stopped here.
0
 
DCratsAuthor Commented:
any way in group policy to lock it down to keem them from decrypting?
I don't believe that MS would allow anyone (even admins) to decrypt without a password...major security hole.
0
 
McKnifeCommented:
It is no major hole, come on... admins can format the whole disk, so why try to keep them from encrypting it? Admins need to be trusted. Not a single GPO would apply if admins wanted to.

Sorry, no GPOs for that.
0
 
DCratsAuthor Commented:
These are LOCAL admins...and we don't want them de-crypting all wilily-nillie
0
 
McKnifeCommented:
Yes, I was talking about local admins, too. Sorry, mit possible as there are no policies for it.
0
 
DCratsAuthor Commented:
I appreciate all your help on this....am reading up on how to set up a server to "manage" bitlocker on our clients...makes me want to drink.
0
 
DCratsAuthor Commented:
How about MBAM?
0
 
McKnifeCommented:
Mbam does not offer further restrictions.
0
 
DCratsAuthor Commented:
ok---thanks for your help!
we will be goofing with this for a while I see.
0
 
DCratsAuthor Commented:
good stuff
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.