Reputation: 21
How can I switch a bitlocked drive from password protected to TPM-only?
My OS drive (Windows 11, drive C:) is currently password protected. I want to Remote Desktop into it, so I want to remove the password protection and let TPM handle it.
The Control Panel Bitlocker page doesn't have "Change how drive is unlocked at startup" as an option. And when I type manage-bde -protectors -add C: -tpm
I get this error:
A TPM key protector cannot be added because a password protector exists on the drive.
I have the Bitlocker Operating System Drives group policy set as follows:
- Require Additional authentication at startup: Enabled.
- Allow BitLocker without compatible TPM: unchecked
- Configure TPM startup: Allow (I also tried "require")
- Configure TPM startup PIN: Allow
- the rest of the options: Do not allow
The results of manage-bde -status C:
BitLocker Version: 2.0 Conversion Status: Fully Encrypted Percentage Encrypted: 100.0% Encryption Method: XTS-AES 128 Protection Status: Protection On Lock Status: Unlocked Identification Field: Unknown Key Protectors: Password Numerical Password
Any help is appreciated.
EDIT: The only way I figured out how to do it was to unencrypt the drive and start the encryption process over.
Upvotes: 1
Views: 2470
Answers (1)
Reputation: 31
First get the status of your hard drive: 'Manage-bde -status c:'
Next, then delete the password related information: 'Manage-bde – protectors -delete c: -type password'
Next, Add TPM to the list: 'Manage-bde -protectors -add c: -tpm'
Upvotes: 3
Related Questions
- TPM Owner password and lockout password with Windows 10 & linux
- Where in the boot process does the TPM decrypt or start decrypting a drive encrypted with BitLocker
- Checking status of Bitlocker is return null
- How to enable Bitlocker for C drive or any drive?
- Impossible to set TPM+PIN mode for Bitlocker (0x80310060)