Change BitLocker to use the TPM plus a USB key and a PIN

0

I have BitLocker running on Windows 7 (x86) on a Dell D630 laptop (it has a 1.2 TPM).

It is running in transparent mode.

I would like to know how to configure it to use a PIN and a USB key, but I can't find anything in the user interface that seems to do this.

Does anyone know how to do this?

Do I have to remove BitLocker and re-enable it?

(This should be possible according to this - link)

    
by Christopher Edwards 04.03.2010 / 14:52

1 answer

2

According to Matthias Hamann here:

To the great relief of any paranoid encryption junkie, Microsoft decided to add another mode, which requires TPM + PIN + USB Key to start up your computer. This feature was introduced with Service Pack 1 for Vista and makes it really hard for an attacker to get hold of your authentication details if you don’t write your PIN on your USB stick or get “questioned” by someone with a blow torch and a pair of pliers.

So how does it work? Well, although there is no GUI option for this new mode, it’s surprisingly simple to activate:

  1. Click on the Vista logo / start button.
  2. Type cmd in the search box and do NOT hit enter.
  3. Right-click on the command prompt item (cmd.exe) and select “Run as administrator” from the context menu.
  4. Enter cscript manage-bde.wsf -on c: -rp -rk d: -tpsk -tp 1234567 -tsk e: and hit enter. (“c:” is the drive which you want to encrypt / your OS volume; “d:” is the drive where the recovery key will be stored at; “1234567” is your secret PIN, which can consist of up to 20 digits; “e:” is your USB key.)
  5. Write down the recovery password and hide it at a SAFE location (e.g., under your keyboard).
  6. Type exit and hit enter.
  7. DONE!
    
by 05.03.2010 / 14:10