BitLocker key protector management help
Seeking BitLocker help:
Win10 machine with TPM.
OS drive was successfully encrypted with "TPM & PIN" additional key protection.
Now I'm hoping to drop back to "just TPM" with no additional PIN protection without having to decrypt and re-encrypt. (Note: the reason is so that updates will reboot back to Windows login and leave this base station machine accessible by Remote (RDP), but the reason is not what I want to discuss.)
I haven't found how to do it yet and don't know whether to concentrate on the "manage-bde" commands or gpupdate or both to find the answer. None of the local BitLocker policies are enabled (but the machine is in an AD domain). If I try the following:
manage-bde -protectors -delete C: -Type TPMAndPIN
(within an admin cmd prompt) I get:
"ERROR: An error occurred while deleting the key protector.
Group Policy settings require the use of a PIN at startup. Please choose this Bitlocker startup option."
Is there a way I can check what the domain admin is requiring? I forget how to check the broader group policies on Win10.
Thanks! tinten10
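
One way to see which BitLocker startup policy is in effect on the machine, as an added example that is not part of the original post: it reads the values the "Require additional authentication at startup" policy (Operating System Drives) writes under the FVE policy key, then shows the applied computer GPOs and the current protectors on C:. It assumes an elevated PowerShell prompt and that the OS volume is C:, as in the post.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Domain and local Group Policy both write BitLocker settings to this key.
$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Meaning of the UseTPM* values: 0 = do not allow, 1 = require, 2 = allow.
$meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

# Values set by "Require additional authentication at startup".
$names = 'UseAdvancedStartup', 'EnableBDEWithNoTPM',
         'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'

if (Test-Path $fvePath) {
    $fve = Get-ItemProperty -Path $fvePath
    foreach ($name in $names) {
        $value = $fve.$name
        if ($null -eq $value) {
            '{0,-20} not set' -f $name
        } elseif ($name -like 'UseTPM*') {
            # A "Require" on UseTPMPIN matches the error text quoted in the post.
            '{0,-20} {1} ({2})' -f $name, $value, $meaning[[int]$value]
        } else {
            # UseAdvancedStartup / EnableBDEWithNoTPM: 1 = enabled, 0 = disabled.
            '{0,-20} {1}' -f $name, $value
        }
    }
} else {
    "No BitLocker policy key found at $fvePath."
}

# List the GPOs applied to the computer, to find which one carries the setting.
gpresult /r /scope computer

# List the key protectors currently on the OS volume.
manage-bde -protectors -get C:
```

If UseTPMPIN reports "Require", the setting comes from an applied GPO and has to be changed there; a locally edited registry value is overwritten at the next policy refresh.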