Hi there,
I'm currently trying to secure my server's OS drive with BitLocker. The server has no TPM chip, so I've set my policy settings so that this doesn't matter.
What I want is to decrypt the server's OS drive with only a "startup key" - i.e. a USB drive on which the decryption key is stored. I do not want to have to manually input a password. As I understand, that was perfectly okay in earlier versions of Microsoft products, but not anymore? Because when initiating the encryption process I am prompted to enter a strong password. No option to save the decryption key to a USB drive.
For your convenience I have attached screenshots of my BitLocker GP settings via rsop.msc (note: Regarding the setting "Require additional authentication at startup" I even tried to disallow any option that has the term "PIN" in it. But even if I change nothing but tick the "Allow BitLocker without compatible TPM" checkbox it won't work either).
Does anyone have an idea for a workaround or something?
jw
P.S.: Somebody here kind of has the same issue. Although this is about WIN8, it should be familiar with WS12E, although they have blamed it not working on the preview build of the software...