If you are overly security conscious or just want to go that extra mile with BitLocker, there is the ability to get prompted for a PIN when booting your machine. Unfortunately, enabling this is not as straightforward as selecting an option from a menu. To do it you must run the following command:
manage-bde -protectors -add e: -TPMAndPIN 1234
From the command-line help:
manage-bde -protectors -add Volume
[{-RecoveryPassword|-rp} [NumericalPassword]]
[{-RecoveryKey|-rk} PathToExternalKeyDirectory]
[{-StartupKey|-sk} PathToExternalKeyDirectory]
[-TPM]
[{-TPMAndPIN|-tp} PIN]
[{-TPMAndStartupKey|-tsk} PathToExternalKeyDirectory]
[{-TPMAndPinAndStartupKey|-tpsk} -tp PIN -tsk
PathToExternalKeyDirectory]
[{-ComputerName|-cn} ComputerName]
[{-?|/?}] [{-Help|-h}]
Description:
Adds key protection methods.
Parameter List:
Volume A drive letter followed by a colon. Example: "C:"
-RecoveryPassword or -rp
Adds a Numerical Password protector.
-RecoveryKey or -rk
Adds an External Key protector for recovery.
-StartupKey or -sk
Adds an External Key protector for startup.
-TPMAndPIN or -tp
Adds a TPM And PIN protector for the OS volume.
-TPMAndStartupKey or -tsk
Adds a TPM And Startup Key protector for the OS volume.
-TPMAndPINAndStartupKey or -tpsk
Adds a TPM And PIN And Startup Key protector for the OS volume.
-tpm Adds a TPM protector for the OS volume.
-ComputerName or -cn
Runs on another computer. Examples: "ComputerX", "127.0.0.1"
-? or /? Displays brief help. Example: "-ParameterSet -?"
-Help or -h Displays complete help. Example: "-ParameterSet -h"
Examples:
manage-bde -protectors -add c: -RecoveryPassword
manage-bde -protectors -add c: -rp -rk h:\
manage-bde -protectors -add c: -TPMAndPIN 1234
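
A PowerShell equivalent of the command above, as an added example that is not part of the original post: it reads the PIN from a hidden prompt so it never appears on the command line, makes sure a recovery password exists first, and lists the protectors afterwards. It assumes an elevated PowerShell 5 or later session with the BitLocker and TrustedPlatformModule modules available, and an OS volume that is already BitLocker-encrypted.

```powershell
# Added example, not from the original post. Run from an elevated session.
$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive   # assumption: the TPM+PIN protector goes on the OS volume

# A TPM+PIN protector needs a TPM that is present and ready.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; a TPM+PIN protector cannot be added."
}

$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeType -ne 'OperatingSystem') {
    throw "$mount is not the operating system volume."
}

# Make sure a recovery password exists before changing startup protectors,
# so that a forgotten PIN does not lock you out of the volume.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    Write-Warning "Recovery password added; record it from the listing below and store it offline."
}

# Read the PIN twice without echoing it, and compare the two entries.
$pin1 = Read-Host -AsSecureString "New startup PIN"
$pin2 = Read-Host -AsSecureString "Confirm PIN"
$plain = { param($s) [System.Net.NetworkCredential]::new('', $s).Password }
if ((& $plain $pin1) -cne (& $plain $pin2)) { throw "PINs do not match." }

# This call fails if Group Policy does not allow a startup PIN with the TPM.
Add-BitLockerKeyProtector -MountPoint $mount -Pin $pin1 -TpmAndPinProtector | Out-Null

# Verify the result by listing the key protectors on the volume.
manage-bde -protectors -get $mount
```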