Windows 10: Weird bitlocker settings Solved


  1. Posts : 43
    Windows 10 Pro 64 Bit Build 1607
       05 Feb 2016 #1

    Weird bitlocker settings


    So at my work and home I have been setting up Bitlocker. Today at work I was setting up Bitlocker on a PC and we could not get a password for a option to unlock the device. The only option we get is to either use a USB or a pin. As per the compliance officer we have to require an encryption passphrase upon boot and I am not big on pins. How do I get my passphrase ability back? Thanks.
      My ComputerSystem Spec

  2.    05 Feb 2016 #2

    Do you have TPM? You can check with the get-tpm powershell command. From elevated command prompt
    Code:
    Microsoft Windows [Version 10.0.10586]
    (c) 2015 Microsoft Corporation. All rights reserved.
    
    C:\WINDOWS\system32>powershell
    Windows PowerShell
    Copyright (C) 2015 Microsoft Corporation. All rights reserved.
    
    PS C:\WINDOWS\system32> get-tpm
    
    
    TpmPresent          : False
    TpmReady            : False
    ManufacturerId      : 0
    ManufacturerVersion :
    ManagedAuthLevel    : Full
    OwnerAuth           :
    OwnerClearDisabled  : True
    AutoProvisioning    : NotDefined
    LockedOut           : False
    LockoutCount        :
    LockoutMax          :
    SelfTest            :
    
    
    
    PS C:\WINDOWS\system32>
    If so the TPM enters the password for you and your system is protected by your Windows password. Only if you don't have TPM you can enter a password.

    In addition you can enter a PIN and/or use a USB key. A pin is recommended and can be alphanumeric.

    What is the best practice for using BitLocker on an operating system drive?

    The recommended practice for BitLocker configuration on an operating system drive is to implement BitLocker on a computer with a TPM version 1.2 or 2.0 and a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware implementation, plus a PIN. By requiring a PIN that was set by the user in addition to the TPM validation, a malicious user that has physical access to the computer cannot simply start the computer.

    Can PIN length and complexity be managed with Group Policy?

    Yes and No. You can configure the minimum personal identification number (PIN) length by using the Configure minimum PIN length for startup Group Policy setting and allow the use of alphanumeric PINs by enabling the Allow enhanced PINs for startup Group Policy setting. However, you cannot require PIN complexity by Group Policy.
    Source

    You might like to read this thread - it has some discussion / explanations when someone had a similar question. Installed Bitlocker does not ask for password on computer start-up! - Windows 10 Forums
      My ComputerSystem Spec


  3. Posts : 43
    Windows 10 Pro 64 Bit Build 1607
    Thread Starter
       05 Feb 2016 #3

    All of our laptops have the TPM chip but this is the first one that ask for a pin or usb, I know how the TPM works and also you cannot use the Alphabet in pin (we tried). Otherwise I think once the alphabet gets involved your pin is now called a pass phrase.

    Any ideas on how to get the pass phrase option again or could anyone tell me why I would want less security.
      My ComputerSystem Spec

  4.   My ComputerSystem Spec

  5.    05 Feb 2016 #5

    DMGrier said: View Post
    All of our laptops have the TPM chip but this is the first one that ask for a pin or usb, I know how the TPM works and also you cannot use the Alphabet in pin (we tried). Otherwise I think once the alphabet gets involved your pin is now called a pass phrase.
    You need to check group policy. Requiring pin or usb (or both) and allowing alpha characters in pin are defined in these 2 settings. What do you have?

    Click image for larger version. 

Name:	Enhanced PIN.PNG 
Views:	0 
Size:	480.2 KB 
ID:	62525Click image for larger version. 

Name:	Require PIN.PNG 
Views:	0 
Size:	601.0 KB 
ID:	62526
      My ComputerSystem Spec


  6. Posts : 43
    Windows 10 Pro 64 Bit Build 1607
    Thread Starter
       05 Feb 2016 #6

    Okay So I found the answer, I needed to turn off TPM in the bios for this to work, if enabled even in GPO you cannot get it to prompt for passphrase. I know some might find it weird that we want this but in my organization we feel a little more safe if the computer gets stolen knowing they would have to get pass the encryption password prompt before the Windows login.
      My ComputerSystem Spec

  7.    05 Feb 2016 #7

    Glad you got it sorted
      My ComputerSystem Spec


 

Related Threads
Solved Bitlocker without TPM help in AntiVirus, Firewalls and System Security
Hi all, I've been having a bit of trouble trying to get Bitlocker working on my Dad's laptop. He recently bought a new laptop with Win 7 pro and I upgraded it to Win 10. It all went smoothly except now when I'm trying to get Bitlocker to encrypt...
Solved BitLocker in AntiVirus, Firewalls and System Security
This may sound Odd or maybe I have a memory block, But what is Bit Locker ? Did it com with win.10 And what is it's function I was thinking of Bit Defender Antivirus.But I know thats not it .
Hi, I have a serious problem. I enabled the boot to startup settings option in winaero and now my computer boots to bitlocker. I checked online and I don't have the key for it. What can I do? (Computer is surface pro 3 i5 4g of ram)
Have win10 home installed since its release and it has run fine except for a screen saver issue I am having. Heres what happens.I do a fresh boot in the morning and the SS never will come on until I goto personalize and glick on a new screen...
No Bitlocker in AntiVirus, Firewalls and System Security
I am unsure if this is applicable here, however, it is about security. I want to encrypt a drive and thought I would use Windows Bitlocker, I can't locate it on windows 10. Is there a substitute for bitlocker on Windows 10? :cool:
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 18:34.
Find Us