Allow enhanced PINs for startup with Bitlocker
Solution 1
On Windows 10 1909 you can switch between regular and enhanced PIN by temporarily switching to Auto-unlock via Change how drive is unlocked at startup > Let bitlocker automatically unlock my drive. No need to decrypt the entire drive.
Solution 2
However, still only 0-9 characters are allowed. Why is it so?
The setting you changed only applies to new BitLocker startup pins.
Existing drives that were protected by using standard startup PINs are not affected.
...
Important
Not all computers support enhanced PIN characters in the preboot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used.
Source: BitLocker Group Policy Settings
What else can be done?
You can decrypt the drive and then encrypt it again, which will require you to set up another password.
Decrypting the volume means that BitLocker protection is removed from the computer and the drive is decrypted, which can be time-consuming. When you decrypt the volume, all of the information stored on that computer is decrypted.
If you decide to turn BitLocker back on, it will either use the TPM on that computer or it will require you to set up another password.
Source: What is the difference between disabling BitLocker Drive Encryption and decrypting the volume?
BitLocker Group Policy Settings
This policy setting permits the use of enhanced PINs when you use an unlock method that includes a PIN.
...
When enabled
All new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs are not affected.
Source: BitLocker Group Policy Settings
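A read-only check that goes with both solutions above (an added example, not part of the original answers): it reports whether the enhanced PIN policy is in effect and whether the OS drive still carries a PIN protector that may have been set before it. The registry location of the policy value (UseEnhancedPin under HKLM:\SOFTWARE\Policies\Microsoft\FVE) and the function names are assumptions of this example.

```powershell
# Added example, not from the original answers. Run from an elevated PowerShell prompt.
# Assumption: the policy is stored as DWORD UseEnhancedPin under the FVE policy key.
function Test-EnhancedPinPolicy {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $item = Get-ItemProperty -Path $key -Name 'UseEnhancedPin' -ErrorAction SilentlyContinue
    return (($null -ne $item) -and ($item.UseEnhancedPin -eq 1))
}

function Get-StartupPinState {
    param([string]$MountPoint = $env:SystemDrive)

    # Collect the protector types on the volume as plain strings
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types  = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint          = $volume.MountPoint
        VolumeStatus        = $volume.VolumeStatus.ToString()
        PolicyEnabled       = Test-EnhancedPinPolicy
        ProtectorTypes      = $types -join ', '
        # TpmPin and TpmPinStartupKey are the protector types that include a PIN
        HasPinProtector     = [bool]($types -match '^TpmPin')
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

$state = Get-StartupPinState
$state | Format-List

if (-not $state.PolicyEnabled) {
    Write-Warning 'Policy not in effect yet: run "gpupdate /force" or restart, then check again.'
} elseif ($state.HasPinProtector) {
    Write-Output 'Policy is on, but this PIN protector may predate it. Set a new startup PIN (Solution 1).'
} else {
    Write-Output 'No PIN protector present; the next startup PIN that is set will be an enhanced PIN.'
}

# A recovery password is the fallback if the new PIN cannot be typed in the preboot environment
if (-not $state.HasRecoveryPassword) {
    Write-Warning 'No recovery password protector found. Add one before changing the unlock method.'
}
```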
Anonymous
Updated on September 18, 2022
Comments
-
Anonymous over 1 year
I use a PIN to unlock a Windows 10 machine with a BitLocker-protected OS drive. Currently, only 0-9 characters are allowed in the PIN. Following the documentation, I enabled "Allow enhanced PINs for startup" in gpedit.msc. However, still only 0-9 characters are allowed. Why is it so and what else can be done?
-
Julie Pelletier almost 8 years
Did you notice "Existing drives that were protected by using standard startup PINs are not affected." in the link you provided? Doesn't that apply to your case?
-
anotherfred over 3 years
This worked for me but I seemed to have to restart at each step to implement the changes.