MNE 5 adding PIN with TPM

We have about 600 computers with MNE installed and running great with Bitlocker.   These drives auto unlock with TPM so no user interaction is required.

New requirement says we have to have a PIN set as well.  We still want no user interaction on boot up. If the policy authentication setting is changed from TPM to "TPM and enhanced shared PIN" will a PIN be required at boot up or can we still autounlock with TPM?

Next question...will I have to decrypt these machines and re-encrypt them with the new policy?

Thanks, Jim

Accepted Solutions

Re: MNE 5 adding PIN with TPM

Hi @Trymelatr ,

Thank you for writing in here.

If you do want to use only TPM you can continue to do so, and it's not mandatory for you to select other authentication methods if you are not okay with the new ones; however, MNE provides the customers with other options as well.

AFAIK, you would not need to decrypt and re-encrypt the machines for applying a new change to a policy.

Thank you.

Regards,
Jithendran S
McAfee Employee

Re: MNE 5 adding PIN with TPM

That is how I currently have the policy set up.  But we have new requirements that say we have to have a PIN set up as well.  What will happen if I just select "TPM with PIN" as well?  Will it prompt me for the PIN to apply to the policy?  Will it require a reboot or have any user interaction?

Thanks,

Jim

Re: MNE 5 adding PIN with TPM

@Trymelatr Exactly, it's a kind of dual authentication: hardware-based TPM and PIN.

TPM with PIN. In addition to the protection that the TPM provides, BitLocker requires that the user enter a PIN. Data on the encrypted volume cannot be accessed without entering the PIN. TPMs also have anti-hammering protection that is designed to prevent brute force attacks that attempt to determine the PIN.

The above statement is from docs.microsoft.com

JaganA
McAfee Employee
