<div>
<blockquote>
the users would need to have a USB drive connected at boot that contains the decryption key.
</blockquote>
No, you can just use a startup key and backup the key file for future recovery
</div>


> the users would need to have a USB drive connected at boot that contains the decryption key.

No, you can just use a startup key and backup the key file for future recovery

<div>
Right but that startup key on a non-TPM computer must be on a flash drive:<br />
<br />
<a href="https://technet.microsoft.com/en-us/library/hh831507(v=ws.11).aspx" rel="ugc">https://technet.microsoft.com/en-us/library/hh831507(v=ws.11).aspx</a><br />
<br />
So does that flash drive need to remain connected after startup? &nbsp;Or can i remove it once Windows is booted in order to free up the USB port?
</div>


Right but that startup key on a non-TPM computer must be on a flash drive:

https://technet.microsoft.com/en-us/library/hh831507(v=ws.11).aspx [https://technet.microsoft.com/en-us/library/hh831507(v=ws.11).aspx]

So does that flash drive need to remain connected after startup?  Or can i remove it once Windows is booted in order to free up the USB port?

<div>
It boots without the USB and you use it without USB. You only need key when recovery is triggered
</div>


It boots without the USB and you use it without USB. You only need key when recovery is triggered

bitlocker1.jpg

<div>
That's a great link. &nbsp;Thanks for that!
</div>


<div>
<div class="content wysiwyg-content">
Hello All,<br />
<br />
We are toying with implementing BitLocker on all workstations via GPO. &nbsp;As usual, our wild is a couple of MacBooks that run Windows via BootCamp. Apple does not install a TPM chip on their systems, so if we were to encrypt these Windows installations, the users would need to have a USB drive connected at boot that contains the decryption key.<br />
<br />
Does anyone know if this USB drive needs to remain connected at all times? or can it be removed once the operating system has loaded?
</div>
</div>


Hello All,

We are toying with implementing BitLocker on all workstations via GPO.  As usual, our wild is a couple of MacBooks that run Windows via BootCamp. Apple does not install a TPM chip on their systems, so if we were to encrypt these Windows installations, the users would need to have a USB drive connected at boot that contains the decryption key.

Does anyone know if this USB drive needs to remain connected at all times? or can it be removed once the operating system has loaded?

Remove BitLocker Startup key once OS is booted?

Operating systems perform basic tasks, such as recognizing input from the keyboard, sending output to the display screen, keeping track of files and directories on the disk, and controlling peripheral devices such as disk drives and printers. For large systems, the operating system makes sure that different programs and users running at the same time do not interfere with each other. The operating system is also responsible for security, ensuring that unauthorized users do not access the system. Operating systems provide a software platform on top of which other programs, called application programs, can run.

Operating Systems

BitLocker

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Mac OS X is the desktop operating system from Apple Inc., found on Macintosh computers. OS X consists of a Mach/BSD-based kernel, operating system interfaces primarily based on FreeBSD and additional frameworks (written in C, C++ and Objective-C providing user interface and application-level services.