Reputation: 21
My OS drive (Windows 11, drive C:) is currently password protected. I want to Remote Desktop into it, so I want to remove the password protection and let TPM handle it.
The Control Panel Bitlocker page doesn't have "Change how drive is unlocked at startup" as an option. And when I type manage-bde -protectors -add C: -tpm
I get this error:
A TPM key protector cannot be added because a password protector exists on the drive.
I have the Bitlocker Operating System Drives group policy set as follows:
The results of manage-bde -status C:
BitLocker Version: 2.0 Conversion Status: Fully Encrypted Percentage Encrypted: 100.0% Encryption Method: XTS-AES 128 Protection Status: Protection On Lock Status: Unlocked Identification Field: Unknown Key Protectors: Password Numerical Password
Any help is appreciated.
EDIT: The only way I figured out how to do it was to unencrypt the drive and start the encryption process over.
Upvotes: 1
Views: 2452
Reputation: 31
First get the status of your hard drive: 'Manage-bde -status c:'
Next, then delete the password related information: 'Manage-bde – protectors -delete c: -type password'
Next, Add TPM to the list: 'Manage-bde -protectors -add c: -tpm'
Upvotes: 3