Bitlocker


Guest

I have two questions that I need to clarify.
First, how does not having a TPM chip affect BitLocker? Is it the early-boot
component that I require? Because I understand that I CAN use a USB for this.

Second, if I take a BitLocker-encrypted disk and plug it in as a secondary
drive on another computer, how can I read it (for restore purposes)?

Thanks.
Or.
 
Compared to a USB flash drive, the TPM chip is integrated into the
motherboard and "always plugged in". If you have a TPM, you can also add a
PIN/password to be typed in when the computer starts (in addition to any
passwords on user accounts).

I don't think you can read an encrypted hard drive without the encryption
key, but I haven't tried. I'll try it now and let you know.
 
Please tell me, is there any difference between running a laptop in a "TPM
Transparent" BitLocker state (without the use of PIN\USB) and not running
BitLocker at all?
I mean, if the computer gets stolen, the thief could read the info on the
drive because the TPM handles the encryption.

Or.
 
The only difference I can see is if only the hard drive is stolen. And
you're right, if the whole computer is stolen, and BitLocker is still in
transparent mode, it will still be transparent.
 
Thanks for the quick response.

I have another question about security for you.
It's a simple one:
How does the NAP Health server direct me to a quarantined network when my
health certificate is inadequate? Does it tell my DHCP server to change my
IP? Or maybe tell the switch hardware to move me to a VLAN?

Thanks.
Or.
 
A couple of clarifications on BitLocker for you regarding your questions on
this thread:

(1) How to read the disk in another computer for restore purposes

For this scenario, a USB key or password is required. The "manage-bde"
command line interface, which wraps around the WMI interface, is the most
powerful way to address all desired restore scenarios.

(2) Can a thief read a TPM protected disk?

In the TPM-only case, the TPM is protecting the OS. Although the OS has full
access to the data because the OS has the key, it is protecting access to
the disk. For this security to work successfully, it is important that the
logon password is strong. I.e. a blank password would allow the thief access
to the data :).
In summary, TPM ensures OS cannot have the key if it is cracked. OS has key
if the OS is not cracked. Thief cannot get key without cracking OS.

TPM+USB or TPM+PIN does provide extra security depth, however these usually
have a usability pain factor associated with them.
-
Jamie Hunter [MS]
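
The restore scenario from point (1) above, as an added example that is not part of the original thread or Microsoft's own code: unlocking a BitLocker volume attached as a secondary drive with either the USB recovery key file or the numerical recovery password. It assumes the `manage-bde.exe` shipped with current Windows versions, an elevated prompt, and that the disk appears as `E:`; the parameter and function names are hypothetical.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumed values: the attached disk is E:, and the .bek path is supplied by you.
param(
    [string]$Volume = 'E:',        # assumed drive letter of the secondary disk
    [string]$RecoveryKeyFile       # optional: full path to the .bek file on the USB key
)

function Test-RecoveryPasswordFormat {
    param([string]$Password)
    # A numerical recovery password is 8 groups of 6 digits. Each group is a
    # multiple of 11 and group/11 must fit in 16 bits, which catches most typos.
    $groups = $Password.Trim() -split '-'
    if ($groups.Count -ne 8) { return $false }
    foreach ($g in $groups) {
        if ($g -notmatch '^\d{6}$') { return $false }
        $n = [int]$g
        if (($n % 11) -ne 0 -or ($n / 11) -ge 65536) { return $false }
    }
    return $true
}

# Lock state, then the key protectors stored in the volume metadata.
manage-bde -status $Volume
manage-bde -protectors -get $Volume

if ($RecoveryKeyFile) {
    if (-not [System.IO.File]::Exists($RecoveryKeyFile)) {
        throw "Recovery key file not found: $RecoveryKeyFile"
    }
    manage-bde -unlock $Volume -RecoveryKey $RecoveryKeyFile
} else {
    # Prompt instead of taking the password as an argument, so it does not
    # end up in command history.
    $pw = Read-Host 'Recovery password (8 groups of 6 digits, dash separated)'
    if (-not (Test-RecoveryPasswordFormat $pw)) {
        throw 'Recovery password is malformed; re-check it for typos.'
    }
    manage-bde -unlock $Volume -RecoveryPassword $pw.Trim()
}

if ($LASTEXITCODE -ne 0) { throw "manage-bde -unlock failed with exit code $LASTEXITCODE" }
manage-bde -status $Volume
```

The protector listing shows the ID of each recovery key or password on the volume, which lets you match the right `.bek` file or escrowed password before attempting the unlock.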
 