Allow enhanced PINs for startup with BitLocker

Solution 1

On Windows 10 1909 you can switch between regular and enhanced PIN by temporarily switching to auto-unlock via "Change how drive is unlocked at startup" > "Let BitLocker automatically unlock my drive". No need to decrypt the entire drive.

Solution 2

However, still only 0-9 characters are allowed. Why is it so?

The setting you changed only applies to new BitLocker startup PINs.

Existing drives that were protected by using standard startup PINs are not affected.

...

Important

Not all computers support enhanced PIN characters in the preboot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used.

Source BitLocker Group Policy Settings


What else can be done?

You can decrypt the drive and then encrypt it again, which will require you to set up another password.

Decrypting the volume means that BitLocker protection is removed from the computer and the drive is decrypted, which can be time-consuming. When you decrypt the volume, all of the information stored on that computer is decrypted.

If you decide to turn BitLocker back on, it will either use the TPM on that computer or it will require you to set up another password.

Source What is the difference between disabling BitLocker Drive Encryption and decrypting the volume?


BitLocker Group Policy Settings

This policy setting permits the use of enhanced PINs when you use an unlock method that includes a PIN.

...

When enabled

All new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs are not affected.

Source BitLocker Group Policy Settings
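
The following PowerShell is an added example, not code from the answers above or from Microsoft's documentation. It checks that the policy has reached the machine and then replaces the existing TPM+PIN protector so that the PIN counts as newly set, without decrypting the drive as Solution 1 describes. The function names and the policy location (`UseEnhancedPin` under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`) are assumptions; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names are hypothetical.

function Get-EnhancedPinState {
    param([string]$MountPoint = $env:SystemDrive)

    # Assumption: "Allow enhanced PINs for startup" is stored as this policy value.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $protectors = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector

    [pscustomobject]@{
        PolicyEnabled       = ($null -ne $fve -and $fve.UseEnhancedPin -eq 1)
        PinProtectorIds     = @($protectors | Where-Object KeyProtectorType -eq 'TpmPin' |
                                  ForEach-Object KeyProtectorId)
        HasRecoveryPassword = [bool]($protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
}

function Reset-StartupPin {
    param([string]$MountPoint = $env:SystemDrive)

    $state = Get-EnhancedPinState -MountPoint $MountPoint
    if (-not $state.PolicyEnabled) {
        throw 'Enhanced PIN policy is not applied yet. Run "gpupdate /force" and check again.'
    }
    if (-not $state.HasRecoveryPassword) {
        throw 'No recovery password protector. Add one and store it safely before changing the PIN.'
    }

    $pin = Read-Host -AsSecureString -Prompt 'New startup PIN (enhanced characters allowed)'

    # The existing protector was created as a standard PIN; the policy does not upgrade it.
    foreach ($id in $state.PinProtectorIds) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $id | Out-Null
    }
    try {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin -ErrorAction Stop | Out-Null
    }
    catch {
        # Do not leave the volume with only a recovery password: fall back to TPM-only unlock.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
        throw
    }
    Get-EnhancedPinState -MountPoint $MountPoint
}
```

Because not every preboot environment accepts enhanced PIN characters (see the "Important" note quoted above), keep the recovery password at hand for the first reboot after calling `Reset-StartupPin`.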

Author by

Anonymous

Updated on September 18, 2022

Comments

  • Anonymous
    Anonymous over 1 year

    I use a PIN to unlock a Windows 10 machine with a BitLocker-protected OS drive. Currently, only 0-9 characters are allowed in the PIN. Following the documentation, I enabled "Allow enhanced PINs for startup" in gpedit.msc. However, still only 0-9 characters are allowed. Why is it so and what else can be done?

    • Julie Pelletier
      Julie Pelletier almost 8 years
      Did you notice "Existing drives that were protected by using standard startup PINs are not affected." in the link you provided? Doesn't that apply to your case?
  • anotherfred
    anotherfred over 3 years
    This worked for me but I seemed to have to restart at each step to implement the changes.