A lot of people use Bitlocker for full-disk encryption of their hard drives. For extra security you might want to be prompted for a PIN when you unlock your hard drive, because allowing attackers to boot your system without authentication might open up extra attack vectors. Setting a PIN can be easily accomplised if you know how…
The below instructions are exact for Windows 10, but they are very similar in Windows 7, too.
Local Group Policy Editor by typing
gpedit.msc into your Windows search, then when it has been found right-click on it and select
Run as administrator from the pop-up menu. Then maneuver to the following path in the left “folder” pane:
Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives.
This is what it looks like if you did it correctly:
Then double-click on the setting
Require additional authentication at startup, and you see the following dialog:
Now change option
Configure TPM startup PIN to read:
Require startup PIN with TPM
Then reboot. Now you can right-click on your system drive and select
Set Bitlocker PIN or
Change Bitlocker PIN (I forgot to take a screenshot of this last step, so I’m not 100% how exactly this looked like, but it should be obvious) from the pop-up menu.
You’re done. Wasn’t that easy?
Please leave a message if this was helpful.
If your laptop has been set up to use Bitlocker, by your company or yourself, you should be very cautious when playing with your BIOS settings.
Bitlocker considers BIOS settings changes a potential security breach, as somebody could e. g. change boot order to boot from an external media to try to fiddle with the boot mechanism set up on your hard drive or SSD. This is why when you change something in the BIOS or just boot from an external drive, such as a thumb stick, Bitlocker will prompt you for your recovery code.
To prevent this you just have to disable the so-called “protector” for your boot drive. Only then should you change BIOS settings or boot from a drive other than your normal boot drive.
You do so using the
manage-bde tool which is part of Windows:
manage-bde –protectors –disable <Drive>
Don’t forget to re-enable the protector after you’re done:
manage-bde –protectors –enable <Drive>
If this helped, I’d appreciate a comment from you here on my blog.
I usually prefer to use English versions of all operating systems and applications I use — simply because the German translations are usually horrible, plus very often updates for English versions become available much earlier (if at all!) than for localized versions.
Now I just bought myself Office 2010 and found that it lacked proofing tools for German — call me naive but I expected that these “common” tools were available in all or at least major languages. Duh!
So what I did is to download the German office installation package from Microsoft and started
SETUP.EXE. To my surprise adding German as a proofing language was simpler than I even thought. After a while Setup properly showed me
- all the components I had already installed,
- the language
English I had installed, plus
German as an optional (UI!) language to install, and
- in the packages section another German proofing tools package appeared that I could then install.
Maybe the above is obvious to all or most of you, but I thought it’s not exactly that so I’d create a post about it to help people who are in the same situation as I was.
Suddenly my brand-new, only a couple of days old Windows 7 installation had an odd problem: After a system boot or restart, networking would be broken in a way that hosts in the Internet could not be reached.
I investigated the problem and noticed that my Ethernet adapter had two default gateways assigned, while the first was 0.0.0.0:
Ethernet adapter Local Area Connection:
Default Gateway . . . . . . . . . : 0.0.0.0
I googled for this problem and found some hint that pointed toward’s Apple’s Bonjour service. Supposedly it sometimes starts up before networking is fully up, and in consequence assigns the invalid default gateway. The advice given there to solve the problem was to completely disable this service.
While I currently don’t need this service, I didn’t want to use this “brutal” approach, so what I did was switch the service to start up as
Automatic (Delayed Start) as opposed to
Automatic (which causes the service to start as early as possible).
And this indeed did the trick — I don’t have these annoying networking problems anymore.
Update: To correct the name in the “Services” application which will often be
Id_String2.6844F930_1628_4223_B5CC_5BB94B879762 you can use a command sequence as follows (your path to
mDNSResponder.exe may vary):
"C:\Program Files\Bonjour\mDNSResponder.exe" -remove
"C:\Program Files\Bonjour\mDNSResponder.exe" -install
Here’s another Cisco VPN client nightmare for you:
The old 4.9.x.x Cisco VPN client does’t run under Vista anymore. So I downloaded the most current version our organization has available, 5.0.05.290. I started the installer and pretty quickly received an error message that simply said: “Internal Error 2738″.
I thought maybe the install file was corrupt, so I redownloaded it — same error.
Now I read the readme file (which I normally don’t do ;-)) It said you need a Microsoft hotfix in order to be able to install the VPN client. So I downloaded that one as well and retried the installation after rebooting the machine — same error message agin.
So I googled for this problem and quickly came across this website — which indeed fixed the problem for me.
Thanks, Microsoft, for making such a lousy job of not registering said DLL. And thanks, Cisco, for not pointing your customers to this problem.
Gaaaawd, how I hate monopolies…
I just tried to upload some hundreds of vacation photos from Windows Vista to our gallery which I’m hosting on my own root server. It turned out that this would be a not-so-simple task…
Previously, using Windows XP, this would be as simple as
- invoking the “Web Publishing Wizard” from the “Folder Tasks” pane,
- clicking “Publish this folder to the web”,
- optionally selecting a target size for resizing (a copy of!) the photos before you upload them, and finally
- clicking “Finish” to start the upload.
Not so anymore with Vista!
Continue reading Vista picture “Web Publishing” regression