2

I have done some research on using BitLocker in an environment where the machines do not have a TPM and it appears you will need to utilize a Flash Drive for it to work properly. This seems to be the case for Windows 7 and Windows 2008 R2.

I have read conflicting information pertaining to Windows 8 and Windows 2012 R2, some of which claims BitLocker can be utilized without the use of TPM and a USB drive.

Is this true? Has anyone had experience using BitLocker without TPM or a USB flash drive? If so, does it only pertain to Windows 8 and 2012 R2, as some information suggests? If this is the case, is there a reputable website I have yet to find that explains this in detail?

user2104891
  • Why would you need a flash drive? You could just use a passphrase. – Michael Hampton Oct 23 '14 at 15:55
  • @MichaelHampton Microsoft's documentation says a flash drive is required when using Bitlocker without TPM. [MS1](http://technet.microsoft.com/en-us/library/cc732725%28v=ws.10%29.aspx) [MS2](http://technet.microsoft.com/en-us/library/cc732774.aspx) If this is really not required then great, but I haven't seen anywhere in the configuration where you could only use a password. – user2104891 Oct 23 '14 at 15:57

2 Answers

4

Windows 7 and Vista (and their corresponding Windows Server versions) only supported using TPM or USB-based protectors for the OS drive. A password protector could only be used on data drives (reference: the -add option of the manage-bde -protectors command).

New BitLocker provisioning functionality in Windows 8 allows a password protector to be used for the OS drive.

Evan Anderson
  • Hey! Stop beating me to the punch. ... Go answer some Linux questions and beat ewwhite for a while. :p Anyway, you may want to reference [the Windows 8/Server 2012 Bitlocker Overview](http://technet.microsoft.com/en-us/library/hh831713.aspx), which has a nice quote, directly to the OP's question: `In Windows 8 using an operating system volume password is another option to protect the operating system volume on a computer without TPM.` – HopelessN00b Oct 23 '14 at 16:36
  • Oh right. I got rid of Vista as fast as I could, and 7 almost as fast... – Michael Hampton Oct 23 '14 at 16:40
  • Thank you Evan, our customer wishes to utilize BitLocker but none of the machines have TPM and flash drives are not allowed, and I needed to find more documentation to support this. – user2104891 Oct 23 '14 at 17:02
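
The following PowerShell is an added example, not code from either answer. It shows the Windows 8 / Server 2012 case described above: an OS-volume password protector on a machine with no TPM and no USB startup key. It assumes an elevated session, that the BitLocker cmdlets are installed, and that the "Require additional authentication at startup" policy has been set to allow BitLocker without a compatible TPM.

```powershell
# Added example: password-protected BitLocker on the OS volume without a TPM.
# Run from an elevated PowerShell session on Windows 8 / Server 2012 or later.

$mount = $env:SystemDrive   # OS volume, normally C:

# Windows 7 / Server 2008 R2 (NT 6.1) and earlier accept only TPM or USB
# startup-key protectors on the OS volume, so stop there.
if ([Environment]::OSVersion.Version -lt [Version]'6.2') {
    throw 'OS-volume password protectors require Windows 8 / Server 2012 or later.'
}

# Without a TPM, BitLocker refuses to protect the OS volume unless policy
# allows it ("Allow BitLocker without a compatible TPM"). Only check the
# policy here; set it through Group Policy, not from this script.
$tpm = Get-Tpm
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (-not $tpm.TpmPresent -and
    ($fve.UseAdvancedStartup -ne 1 -or $fve.EnableBDEWithNoTPM -ne 1)) {
    throw 'No TPM found and policy does not allow BitLocker without a compatible TPM.'
}

$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.ProtectionStatus -eq 'On') {
    Write-Output "$mount is already protected."
    return
}

# Prompt for the startup password so it never appears in the script or history.
$password = Read-Host -AsSecureString 'BitLocker startup password'

# Password protector on the OS volume; the user types it at every boot.
# manage-bde equivalent: manage-bde -protectors -add C: -Password
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $password | Out-Null

# Add a recovery password as well, so a forgotten startup password does not
# mean lost data. Store the value that is displayed somewhere off the machine.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# List the protector types now on the volume (expect Password and RecoveryPassword).
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

Without a TPM there is no pre-boot integrity measurement, so the startup password is the only thing protecting the volume key; enforce length and complexity through the BitLocker password policy settings.
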
0

Yes, without TPM you lose pre-startup system integrity verification and it requires a flash drive. The Windows 7 version of the docs you are looking for is here: (http://technet.microsoft.com/en-us/library/dd875544(v=ws.10).aspx). The Windows 8 version is here: (http://technet.microsoft.com/en-us/library/dn641993.aspx).

Jim B