Windows 7: What does bitlocker do for me?

I can't see how, in the case of having a laptop stolen, bitlocker would protect my data.

If the laptop has a TPM chip, the encryption is tied to the TPM chip.. If the laptop is stolen, then the thief has access to the data on it because it would enable windows to load..

So, what is the point? I want to use drive encryption that relies on user input to put the key in. Not a usb/SD card, because they can be lost, but a password or a fingerprint. Is there any way to do this with bitlocker?

If not, what could I use to encrypt the drive, and require a password or fingerprint on startup? I have a thinkpad T530, and it has the ability to use a finger print to boot the machine, use it as a bios/power on/disk password, and a windows password.



What I would want to do, ideally, is one finger for boot/power on/disk password, and another for encryption.

Thanks

1 you can add a pin or a password with the tmp chip.

2 if they can't log on to your account they can't see the data.

Bitlockers main use is to protect the drive if its removed from the computer to access the data.

You can also look into truecrypt full disk encryption

Oh, I see. Any kind of documentation I read about it seems to say it is automatic, or you use a usb key..

But if they stole the whole machine.. What then?

If they take your whole machine they in theory will not be able to access your data.

They can't log on (password protected account) so they can see what's on the drive. (Or if a pin or password is set they will not even be able to get to the log on screen).


If they remove the drive to see the the data it will all be encrypted. So they data is still safe.

As for documentation I would check out Microsoft.technet.com

Google search
Bitlocker site:technet.microsoft.com

I see. alright.
Tried to enable bitlocker, and I checked that optional reboot test.. Failed a few times and didn't encrypt, so I'm encrypting it right off the bat.
Worst thing that can happen is I need to restore to an image I made a few days ago

So, every time I reboot I need to have a usb with the encryption key on it.. It isn't saving the key in the TPM..

I worked with bitlocker on a windows 7 deploy in the past, and didn't have to put in a key/usb whenever those machines were rebooted while the drives were encrypting..

Help :-S

There are different options with bitlocker. If you set it up to only use the TMP then nothing is ever required. If you set it up with TMP + usb key then both are required to boot.

How do I set it up for only TPM?
It did not seem like there was an option.. The only options I got when setting it up was
-print key
-save key to file
-save key to usb
And another screen, with the option to reboot to make sure it works before any encryption is done.

I believe what your referring to is the recovery/reset key. (Really long string)

It is used if you lose your password.

I could be wrong on this.
For best reference for specifics and how to do it correctly use the Google search I provided above and read their information.

Indeed, that is what it asks for. I've had success in both typing in the key manually, or by having a usb with a text file called BitLocker Recovery Key ********.txt