D
DavidGoodwin1
Guest
Hi and Thank you,
No files are saved to USB when generating protector key in powershell (Admin)
I have a home built PC win 10 1909 that has a TPM header. The mobo is MSI b360 and I bought a new MSI (infineon 1.2 / 2.0 v. 5.63.3353). I connected the TPM to the mobo and booted into bios. Enabled version to auto so that win10 can set between 1.2 and 2.0. dTPM is also enabled. The hash policy is sha256 all other securities are enabled. Started windows, turned on bitlocker. I cleared the TPM and took ownership. Encrypted C/ drive. Set gpolicy to enable pin and key. Inserted a fresh formatted 8 GB USB to fat32 drive O: Stored 2 txt files from OS. IE cmd Dir can see files dir. Set file options to unhide system files.
PS Admin And tried CMD for the heck of it.
manage-bde -protectors -add C: -RecoveryKey O:
Key protectors added
Saved to directory O:
External Key:
ID: {********-****-****-****-************}
External Key File Name:
********-****-****-****-************.BEK
No files, Hidden or not. Is this not the CMD to create a Key protector?
I know there is more to configure like the Pin. But I am concerned that if I reboot now, I will be asked to insert USB with Key and I don’t have that yet.
So at this time I have unencrypted the C: drive with Bitlocker still on. I have tried several workarounds to get the files to save to the drive but nothing works.
FYI I can xcopy files to the USB from C:.
Continue reading...
No files are saved to USB when generating protector key in powershell (Admin)
I have a home built PC win 10 1909 that has a TPM header. The mobo is MSI b360 and I bought a new MSI (infineon 1.2 / 2.0 v. 5.63.3353). I connected the TPM to the mobo and booted into bios. Enabled version to auto so that win10 can set between 1.2 and 2.0. dTPM is also enabled. The hash policy is sha256 all other securities are enabled. Started windows, turned on bitlocker. I cleared the TPM and took ownership. Encrypted C/ drive. Set gpolicy to enable pin and key. Inserted a fresh formatted 8 GB USB to fat32 drive O: Stored 2 txt files from OS. IE cmd Dir can see files dir. Set file options to unhide system files.
PS Admin And tried CMD for the heck of it.
manage-bde -protectors -add C: -RecoveryKey O:
Key protectors added
Saved to directory O:
External Key:
ID: {********-****-****-****-************}
External Key File Name:
********-****-****-****-************.BEK
No files, Hidden or not. Is this not the CMD to create a Key protector?
I know there is more to configure like the Pin. But I am concerned that if I reboot now, I will be asked to insert USB with Key and I don’t have that yet.
So at this time I have unencrypted the C: drive with Bitlocker still on. I have tried several workarounds to get the files to save to the drive but nothing works.
FYI I can xcopy files to the USB from C:.
Continue reading...