Julian_M,
i found your reply veru useful.
For further clearness i explain again what i want to do.
i want to configure two different authentication method with PGP WDE desktop/professional, without Single-Sign-On after the boot process in o.s. Windows Seven Ultimate.
the first one, for volume encryption, where the volume is unsealed after that the user types the password or wipes own finger on fingerprint reader, that unseal the volume's key stored encrypted in tpm ( the tpm store the volume's key encrypted ).
the second one method, for Windows login account ( with user right ) always with PGP WDE desktop/professional, where the user must to type a second password different by first one ( then without Single Sign-On ) or to wipe for second time the finger on the reader that unseal the login account's second key encrypted in tpm.
In this way the tpm store encrypted two different key, the volume ecnryption's key and the login account's key, that will not be stored in sam system file ( protected by syskey ), that will be unsealed by two different password or two different finger wipes.
does it possible?