Windows 7 Bitlocker Pins
by, 10th February 2011 at 07:10 PM (7045 Views)
So, time to rack up my blog writing a bit more! As you may have read, we have deployed (well still deploying) Windows 7 with Bitlocker as the encryption for all our Staff Laptops. We are using Toshiba Tecra A10s by the way.
While we were testing, we came across some things that were a real pain. The first being that unless you are a local admin, you cannot change the Bitlocker pin. Problem - big problem. Under XP, we did used to have Staff as local admins - but used GPs and Software Restriction Policies to control it. We do want staff to be able to change their pins tho. Right, so how to sort it?
Well, the manage-bde - changepin c: would work quite nicely; except that would need the CMD window, and its not very elegant. Ok, so we let them be local admins then? Well yes, that was fine until we found that it exposed our WPA2 key! Grrrr!
So - into Visual Studio I went, and used the Bitlocker API and the results are in the attached zip. Its based on the one available on Codeplex - so credit there :-).
Its a single compiled exe, which you should put in C:\Program Files. Ive only tested it on x86, so not sure what will happen on x64. Also, as I used the new version of Studio - you need .net FW 4 on the machine.
As usual, use at your own risk. Works fine in my environment, its pretty basic in what it does - im working on catching the errors better. At the moment, it reports the API error code.
Total Trackbacks 0