enable bitlocker pin – Password Recovery https://www.top-password.com/blog Provide useful password recovery tricks, guides and software Wed, 07 Nov 2018 07:17:14 +0000 en-US hourly 1 https://wordpress.org/?v=6.8 Configure Windows 10 to Prompt for BitLocker PIN During Startup https://www.top-password.com/blog/configure-windows-10-to-prompt-for-bitlocker-pin-during-startup/ Wed, 31 Oct 2018 02:38:34 +0000 https://www.top-password.com/blog/?p=13196 Setting up BitLocker PIN can add an additional layer of security to your computer as it acts as a second authentication factor, which can prevent DMA attacks and unauthorized access to Windows logon screen. In this tutorial we’ll show you how to configure Windows 10 to prompt for BitLocker PIN during startup.

How to Enable BitLocker Startup PIN in Windows 10

Before proceed, you have to turn on BitLocker Drive Encryption for your system drive with TPM. Once you’ve enabled BitLocker, follow these steps to set up a pre-boot PIN:

  1. Open the Local Group Policy Editor and browse to:
    Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

    In the right pane, double-click on the “Require additional authentication at startup” the policy.

  2. Now you should select Enabled. Under “Configure TPM startup PIN”, select Require startup PIN with TPM. Click OK and then reboot the system.

  3. Open an elevated Command Prompt and run the following command to add a pre-boot PIN for your BitLocker-encrypted OS drive. Make sure you set a strong PIN that you can remember.
    manage-bde -protectors -add C: -TPMAndPIN

  4. Next, type manage-bde -status to check whether the TPMAndPin protector has been added.
  5. After all that is done, you’ll need to enter the BitLocker PIN each time you turn on your PC, before Windows boots up.

That’s it!

]]>