How to Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10
Information
When you turn on BitLocker for the operating system drive with a compatible TPM, you can choose to unlock the OS drive at startup with a PIN.
The Allow enhanced PINs for startup policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker for the OS drive.
If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs.
This tutorial will show you how to enable or disable if enhanced startup PINs are used with BitLocker in Windows 10.
You must be signed in as an administrator to enable or disable enhanced PINs for BitLocker startup.
Note
Warning
Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup to verify that enhanced PIN characters can be used.
CONTENTS:
- Option One: Enable or Disable Enhanced PINs for BitLocker Startup in Local Group Policy Editor
- Option Two: Enable or Disable Enhanced PINs for BitLocker Startup using a REG file
1. Open the Local Group Policy Editor.
2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
3. In the right pane of Operating System Drives in Local Group Policy Editor, double click/tap on the Allow enhanced PINs for startup policy to edit it. (see screenshot above)
4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.
A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)
A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)
NOTE: Not Configured is the default setting.
7. When finished, you can close the Local Group Policy Editor if you like.
The .reg files below will add and modify the DWORD value in the registry key below.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
UseEnhancedPin DWORD
(delete) = Disable
1 = Enable
1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Enable_enhanced_PINs_for_startup_with_BitLocker.reg
Download
NOTE: This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Disable_enhanced_PINs_for_startup_with_BitLocker.reg
Download
4. Save the .reg file to your desktop.
5. Double click/tap on the downloaded .reg file to merge it.
6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
7. You can now delete the downloaded .reg file if you like.
That's it,
Shawn
Related Tutorials
- How to Turn On or Off BitLocker for Operating System Drive in Windows 10
- How to Enable or Disable Standard Users from Changing BitLocker PIN or Password in Windows 10
- How to Specify Minimum PIN Length for BitLocker Startup in Windows 10
- How to Change BitLocker Startup PIN in Windows 10
- How to Add or Remove Change BitLocker PIN Context Menu in Windows 10
- How to Unlock an OS Drive Encrypted by BitLocker in Windows 10
Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10
Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10
How to Enable or Disable Enhanced PINs for BitLocker Startup in Windows 10Published by Shawn BrinkCategory: Security System
04 Nov 2017
Related Discussions
