loosenut

Reputation: 21

How can I switch a bitlocked drive from password protected to TPM-only?

My OS drive (Windows 11, drive C:) is currently password protected. I want to Remote Desktop into it, so I want to remove the password protection and let TPM handle it.

The Control Panel BitLocker page doesn't have "Change how drive is unlocked at startup" as an option. And when I type manage-bde -protectors -add C: -tpm I get this error:

A TPM key protector cannot be added because a password protector exists on the drive.

I have the BitLocker Operating System Drives group policy set as follows:

The results of manage-bde -status C:

BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    XTS-AES 128
Protection Status:    Protection On
Lock Status:          Unlocked
Identification Field: Unknown
Key Protectors:
    Password
    Numerical Password

Any help is appreciated.

EDIT: The only way I figured out how to do it was to unencrypt the drive and start the encryption process over.

Upvotes: 1

Views: 2452

Answers (1)

Andy

Reputation: 31

First get the status of your hard drive: 'Manage-bde -status c:'

Next, delete the password-related information: 'Manage-bde -protectors -delete c: -type password'

Next, add TPM to the list: 'Manage-bde -protectors -add c: -tpm'

Upvotes: 3
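The same protector swap with pre-checks, as an added example that is not part of the original answer: it uses the BitLocker and TrustedPlatformModule PowerShell cmdlets instead of manage-bde, and refuses to remove the password unless a recovery (numerical) password exists and the TPM is ready. It assumes an elevated session and that the OS volume is C:, as in the question.

```powershell
#Requires -RunAsAdministrator
# Added example: replace the Password protector on an OS volume with a TPM protector.
$mount = 'C:'   # assumption: the OS volume from the question

$vol        = Get-BitLockerVolume -MountPoint $mount
$protectors = $vol.KeyProtector

# manage-bde's "Numerical Password" is the RecoveryPassword protector type.
# Without it there is no way back in if the TPM later refuses to unseal
# (firmware update, boot configuration change, motherboard replacement).
$recovery = $protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    throw "No RecoveryPassword protector on ${mount}. Add one and store it off the machine first."
}

# The TPM must be usable before the only interactive unlock method is removed.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; protectors left unchanged.'
}

# Equivalent of: manage-bde -protectors -delete C: -type password
$protectors | Where-Object KeyProtectorType -eq 'Password' | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $_.KeyProtectorId | Out-Null
}

# Equivalent of: manage-bde -protectors -add C: -tpm (skipped if one already exists)
if (-not ($protectors | Where-Object KeyProtectorType -eq 'Tpm')) {
    Add-BitLockerKeyProtector -MountPoint $mount -TpmProtector | Out-Null
}

# Confirm the resulting protector set before relying on an unattended reboot.
$after = Get-BitLockerVolume -MountPoint $mount
$types = $after.KeyProtector.KeyProtectorType
if ($types -contains 'Password' -or $types -notcontains 'Tpm') {
    throw "Unexpected protector set on ${mount}: $($types -join ', ')"
}
$after | Select-Object MountPoint, ProtectionStatus,
    @{ Name = 'Protectors'; Expression = { $types -join ', ' } }
```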
