New
#21
Double-click that option. The help / description of that option clearly explains what it does.
Double-click that option. The help / description of that option clearly explains what it does.
I did read the description area, I just wasnt sure if it was actually required. Turns out it was not. I left it not configured and the PIN is still asked for on pre-boot. Strange.
I still dont know why I was unable to Require Startup PIN + TPM in the Group Policy Editor. It created a conflict that prevented me from adding a PIN. I had to set everything as ALLOW versus require to add a PIN.
But now that the pin is created, I noticed I can go back in the Group Policy Editor and change it to Require Startup PIN + TPM, but then that concerns me it may cause a problem with Bitlocker and I could get locked out. Idk
Last edited by jerry76; 19 Jan 2022 at 15:31.
Just make sure you keep your BitLocker Recovery Keys someplace safe! Also, don't forget the importance of backups. So long as you have a solid, tested, and proven backup strategy, you'll be fine .
^True. Thanks. Yeah my keys and data are backed up.
So I tried setting the Group Policy Editor to REQUIRE for the PIN+TPM (after I created the Pin). Then rebooted and everything works fine. Bitlocker still asks for the PIN.
I will never know why Windows would not let me use the Require setting prior to creating the PIN and created a conflict error. Contrary to all the tutorials and videos of people doing it on YouTube just fine. But whatever.
I also tried leaving "Enable use of BitLocker authentication requiring preboot keyboard input on slates" both Enabled and Not Configured, made no difference upon rebooting.
Also on a side note, I found out it's quite easy to disable the PIN. All the research I did only showed that you have to disable bitlocker (decrypt and recrypt all over again) to turn off the PIN prompt. I couldnt find anything via cmd commands either. But there's a setting in the Bitlocker Wizard to just switch it back to auto-unlock which removed the PIN.
Thanks for the info. Having not used BitLocker with a pin myself previously I wasn't aware of that option.
Hi Jerry76,
I ran into the same issue you did. I’m not seeing an option to select encryption method.
I hit start bit locker, it ask me to save bitlocker key, which I do. Then it just begins encrypting
Did you ever figure out why it wasn’t adding those extra steps other are seeing?
Its hard to remember, it was a while ago and complicated for me. I believe I never did for sure, but when I removed the bitlocker encryption (unencrypted it) then tried to re-enable it, it gave me the missing steps that time. If I remember correctly.
I think I had also read that for new drives/new computers, "For new drives, you can use encryption of only the occupied area - all the same, the free space of the partition is full of zeros and there is nothing to hide there."
Meaning because Windows knew my computer was new, it would not let me do the entire drive. But once I removed bitlocker then re-added bitlocker, it now considers it "Not new" and there is the risk of deleted material being recoverable, so it allows you to do the whole drive now.
Is your computer new? Or how old is yours?