You ask if there is a way to prevent bootup unless a USB Key is plugged in. This is possible, and it helps protect your data if your harddrive/computer is stolen.
However, you also mentioned that you want the USB Key to prevent someone with remote access to your computer from logging in. This second part to your question doesn't really make any sense. If someone has remote access to your system, it assumes that the system is already booted. In which case, the USB Key required for booting is of no relevance.
Perhaps what you are really asking is if there is a way to disable Remote Access, or if there is a way to only enable Remote Access when certain conditions are met (e.g. if a USB Key is inserted). One way to do this is to write a script. For now, in this answer, I will just show you how to require a USB Key to boot up to Windows.
I am assuming you do not have a TPM (Trusted Platform Module). Most people don't have this in their PCs. If you do have a TPM, you can probably skip step 1 to 4. If you don't know whether or not you have a TPM, you should just perform step 1 to 4. Even if you do have TPM, performing those steps shouldn't be of any harm.
Attached at the end of the answer are a few images relevant to the steps.
- Open Group Policy Editor. Do this by searching
gpedt.msc
in Windows Search.
- Navigate to
Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives
.
- Double Click
Require Additional Authentication at Startup
.
- Select
Enable
and make sure Allow BitLocker without a...
is checked.
- Open BitLocker settings by searching
Manage BitLocker
.
- Select your Boot Drive (Usually, it is
C:
) and click Turn on BitLocker
.
- Insert your USB Key, and follow the steps of the prompt.
When finished, you will be required to insert your USB Key every time you boot up the Computer in order for it to boot into Windows. In addition, if your Hard Drive or Computer is stolen, and the thief does not have your USB Key, your data will be protected.
Below are some relavent images. The first one is for Step 2 and 3. The second one is for Step 4.
Step 2 and 3 Reference
![Step 2 and 3](../../I/static/images/05d4d703adafc4981a004993bc28f1cf134269becf3a3cf3d9fadbfbecb7a510.png)
Step 4 Reference
![Step 4](../../I/static/images/fcbe46b28e667fac794fb4d40e70e2a204477314545447796871cad594f0a730.png)
1
What about Smart Cards.
– RogUE – 2015-09-20T12:35:54.4201You can use BitLocker or SysKey. – user364455 – 2015-09-20T12:36:50.973
Smart Cards would work, but I'm wondering if you could use a USB for this purpose... After all, smart cards need a special reader etcetera – Anton8000 – 2015-09-20T12:50:59.390
If a hacker has remote access, then I guess they would not even see any login window. Is not like your computer is not running whenever that login window is shown. – Arjan – 2015-09-20T13:31:01.310
https://www.yubico.com/applications/computer-login/windows/windows-login/ – Neil McGuigan – 2015-09-20T18:10:40.600