Published by


Brink's Avatar
Administrator

Posts: 25,241

Show Printable Version 


How to Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10

information   Information
When you turn on BitLocker for the operating system drive with a compatible TPM, you can choose to unlock the OS drive at startup with a PIN.

The Allow enhanced PINs for startup policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker for the OS drive.

If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs.

This tutorial will show you how to enable or disable if enhanced startup PINs are used with BitLocker in Windows 10.

You must be signed in as an administrator to enable or disable enhanced PINs for BitLocker startup.
Note   Note
BitLocker Drive Encryption is only available in Windows 10 Pro, Enterprise, and Education editions.
warning   Warning
Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup to verify that enhanced PIN characters can be used.

CONTENTS:
  • Option One: Enable or Disable Enhanced PINs for BitLocker Startup in Local Group Policy Editor
  • Option Two: Enable or Disable Enhanced PINs for BitLocker Startup using a REG file





Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10 OPTION ONE Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10
Enable or Disable Enhanced PINs for BitLocker Startup in Local Group Policy Editor

1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Name:  Enhanced_PINs_for_BitLocker_startup_gpedit-1.jpg
Views: 73
Size:  105.7 KB

3. In the right pane of Operating System Drives in Local Group Policy Editor, double click/tap on the Allow enhanced PINs for startup policy to edit it. (see screenshot above)

4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.


 5. To Enable Enhanced PINs for BitLocker Startup

A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)


 6. To Disable Enhanced PINs for BitLocker Startup

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

NOTE: Not Configured is the default setting.

Name:  Enhanced_PINs_for_BitLocker_startup_gpedit-2.png
Views: 70
Size:  40.3 KB

7. When finished, you can close the Local Group Policy Editor if you like.






Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10 OPTION TWO Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10
Enable or Disable Enhanced PINs for BitLocker Startup using a REG file

Note   Note
The .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

UseEnhancedPin DWORD

(delete) = Disable
1 = Enable

1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. To Enable Enhanced PINs for BitLocker Startup

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_enhanced_PINs_for_startup_with_BitLocker.reg

download


 3. To Disable Enhanced PINs for BitLocker Startup

NOTE: This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_enhanced_PINs_for_startup_with_BitLocker.reg

download

4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. You can now delete the downloaded .reg file if you like.


That's it,
Shawn