De acordo com Matthias Hamann aqui :
To the great relief of any paranoid encryption junkie, Microsoft decided to add another mode, which requires TPM + PIN + USB Key to start up your computer. This feature was introduced with Service Pack 1 for Vista and makes it really hard for an attacker to get hold of your authentication details if you don’t write your PIN on your USB stick or get “questioned” by someone with a blow torch and a pair of pliers.
So how does it work? Well, although there is no GUI option for this new mode, it’s surprisingly simple to activate:
- Click on the Vista logo / start button.
- Type cmd in the search box and do NOT hit enter.
- Right-click on the command prompt item (cmd.exe) and select “Run as administrator” from the context menu.
- Enter
cscript manage-bde.wsf -on c: -rp -rk d: -tpsk -tp 1234567 -tsk e:and hit enter. (“c:” is the drive which you want to encrypt / your OS volume; “d:” is the drive where the recovery key will be stored at; “1234567” is your secret PIN, which can consist of up to 20 digits; “e:” is your USB key.)- Write down the recovery password and hide it at a SAFE location (e.g., under your keyboard ).
- Type exit and hit enter.
- DONE!