
Our Dell Latitude laptops have a Trusted Platform Module (TPM) which can be used for disk encryption using BitLocker in Windows 7.

The defaults for BitLocker are pretty lame (i.e. anyone has access to your laptop's data), so here's how to do it properly.

The goal is to have a laptop that has its disk totally encrypted, using the TPM and a proper password.

 

Enable the Trusted Platform Module in the BIOS

This varies between BIOSes; this is how it looks on a Latitude E6330:

 

 

Initialise the TPM in Windows

 

Initialize the TPM in Windows by running tpminit.exe

Let Windows create the password, and then save it to a USB stick for safekeeping.

 

Enable non-numeric PINs

Later on we want a PIN code to be required for unlocking the drive. By default this can only consist of digits. For better security, we want to be able to use all characters. This is done by enabling the "Allow enhanced PINs for startup" setting in the Local Group Policy Editor (gpedit.msc):
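To confirm the three steps above took effect, the following check can be run from an elevated PowerShell prompt. It is an added example, not part of the original page: the function names are made up for illustration, while the Win32_Tpm WMI class and the UseEnhancedPin policy value are the standard Windows locations for these settings.

```powershell
# Added example: verify TPM state and the enhanced PIN policy.
# Written for PowerShell 2.0 (shipped with Windows 7); needs an elevated prompt.

function Get-TpmState {
    # Win32_Tpm lives in its own WMI namespace. No instance usually means the
    # TPM is disabled in the BIOS or the machine has none.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return $null }
    New-Object PSObject -Property @{
        Enabled   = $tpm.IsEnabled().IsEnabled       # BIOS step
        Activated = $tpm.IsActivated().IsActivated   # BIOS step
        Owned     = $tpm.IsOwned().IsOwned           # set once tpminit.exe has run
    }
}

function Test-EnhancedPinPolicy {
    # "Allow enhanced PINs for startup" is stored as DWORD UseEnhancedPin = 1.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $val = Get-ItemProperty -Path $key -Name UseEnhancedPin `
                            -ErrorAction SilentlyContinue
    return ($val -ne $null -and $val.UseEnhancedPin -eq 1)
}

function Write-Check([string]$Name, [bool]$Ok, [string]$Hint) {
    if ($Ok) { Write-Host "OK    $Name" }
    else     { Write-Host "FAIL  $Name ($Hint)" }
}

$state = Get-TpmState
if (-not $state) {
    Write-Host 'FAIL  No TPM visible to Windows (enable it in the BIOS, or run elevated)'
} else {
    Write-Check 'TPM enabled'     $state.Enabled   'enable the TPM in the BIOS'
    Write-Check 'TPM activated'   $state.Activated 'activate the TPM in the BIOS'
    Write-Check 'TPM initialised' $state.Owned     'run tpminit.exe'
}
Write-Check 'Enhanced PINs allowed' (Test-EnhancedPinPolicy) `
            'enable "Allow enhanced PINs for startup" in gpedit.msc'
```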

 

 

 
