You are currently browsing the category archive for the ‘Security’ category.

If you are overly security conscious or just want to go that extra mile with BitLocker there is is the ability to get prompted for a pin when booting your machine.    Unfortunately, how to enable this is not a straight forward as selecting an option from a menu.   To do it you must run the following command

manage-bde -protectors -add e: -TPMAndPIN 1234

From the command line help..

manage-bde -protectors -add Volume
        [{-RecoveryPassword|-rp} [NumericalPassword]]
        [{-RecoveryKey|-rk} PathToExternalKeyDirectory]
        [{-StartupKey|-sk} PathToExternalKeyDirectory]
        [-TPM]
        [{-TPMAndPIN|-tp} PIN]
        [{-TPMAndStartupKey|-tsk} PathToExternalKeyDirectory]
        [{-TPMAndPinAndStartupKey|-tpsk} -tp PIN -tsk
            PathToExternalKeyDirectory]
        [{-ComputerName|-cn} ComputerName]
                [{-?|/?}] [{-Help|-h}]

Description:
    Adds key protection methods.

Parameter List:
    Volume      A drive letter followed by a colon. Example: "C:"
    -RecoveryPassword or -rp
                Adds a Numerical Password protector.
    -RecoveryKey or -rk
                Adds an External Key protector for recovery.
    -StartupKey or -sk
                Adds an External Key protector for startup.
    -TPMAndPIN or -tp
                Adds a TPM And PIN protector for the OS volume.
    -TPMAndStartupKey or -tsk
                Adds a TPM And Startup Key protector for the OS volume.
    -TPMAndPINAndStartupKey or -tpsk
                Adds a TPM And PIN And Startup Key protector for the OS volume.
    -tpm        Adds a TPM protector for the OS volume.
    -ComputerName or -cn
                Runs on another computer. Examples: "ComputerX", "127.0.0.1"
    -? or /?    Displays brief help. Example: "-ParameterSet -?"
    -Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
    manage-bde -protectors -add c: -RecoveryPassword
    manage-bde -protectors -add c: -rp -rk h:\
    manage-bde -protectors -add c: -TPMAndPIN 1234

Advertisements

About

I am a MCTS in Team Foundation Server based in Canberra, Australia. My passion is to improve developer productivity using tools like TFS.

I'm currently employed as a Senior Consultant at Readify

Tools I have Developed

  • TFS Integrator
  • TFS Deployer
  • TFS Listener

del.icio.us