LifeLine1620
Full disclosure: I posted this on MS forums with no hits.
Hi and Thank you,
No files are saved to USB when generating a protector key in PowerShell (Admin) or CMD (Admin).
I am the only user for this system and have full Administrator rights.
I have a home-built PC, Win 10 Pro 1909, that has a TPM header. The BIOS is updated to 03/2020. The mobo is MSI b360 and I bought a new MSI (Infineon IFX 1.2 / 2.0 v. 5.63.3353). I connected the TPM to the mobo and booted into the BIOS. Enabled version to auto so that Win10 Pro can set between 1.2 and 2.0. dTPM is also enabled. The hash policy is SHA256; all other securities are enabled. Started Windows; in Device Manager the TPM was found. Turned on BitLocker. I cleared the TPM and took ownership. Encrypted the C: drive. Set gpolicy to enable PIN and key. Inserted a freshly formatted 8 GB FAT32 USB as drive O:. I tried 3 different drives, and NTFS just for kicks. Stored 2 txt files from the OS, i.e. CMD dir can see and copy files from CMD. Set file options to unhide system files.
(PS Admin) And tried CMD for the heck of it.
manage-bde -protectors -add C: -RecoveryKey O:
Key protectors added
Saved to directory O:
External Key:
ID: {********-****-****-****-************}
External Key File Name:
********-****-****-****-************.BEK
No files, hidden or not, on the USB.
Is this not the CMD to create a protector key?
I know there is more to configure, like the PIN "which does work, by the way, in CMD". But I am concerned that if I reboot now, I will be asked to insert the USB with the key, and I don't have that yet.
So at this time I have un-encrypted the C: drive with BitLocker still on. I have tried several online workarounds to get the files to save to the drive but nothing works.
I am aware that GPEdit does say that enabling a PIN and key may cause a group policy conflict, but that is why I am doing this from CMD and not BitLocker. This has worked several times on Enterprise PCs. Maybe the system parameters are different with Pro?
FYI, I can xcopy files to the USB from C:/.