sign in sign up
<<
Home , BitLocker

Enabling BitLocker Drive (with additional PIN requirement startup)

Computer must be running Pro, as BitLocker is a Pro feature. To upgrade to Pro from Win10 Home edition, the cost is $99.00 via the App store. If upgrading to Pro from Home, make sure to restart the computer after the Pro update installs so you can access the new features.

Search for ‘BitLocker’ in the menu and enable BitLocker for the desired drives. Select the option to run a disk check prior to beginning the encryption, as well as the “encrypt the entire drive” option.

The encryption process will take some to complete, during which the computer can still be used if needed.

Once encryption has finished, its time to enable the additional PIN requirement at startup. Open the Editor via or by searching for ‘gpedit’ in the .

Under Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Drives, edit the policy setting for “Require additional identification at startup”

Adjust to match the following highlighted options:

Now it is time to set the PIN. Open command prompt as admin and in the following: manage-bde -protectors -add C: -TPMAndPIN It will ask you to type in a PIN, and then to type it in again to confirm it. The PIN must be numerical and at least 6 digits long. FYI: It will not show that you have entered any numbers in, but it still registers them.

To check on the status of BitLocker and see if the PIN enabled successfully, type the following:

manage-bde -status

If you would like to change the PIN in the future, you should be able to do so via the regular BitLocker Management window. If not, you can do so through command prompt again.

Restart the computer to verify that before Windows boots you are presented with the BitLocker screen prompting for the PIN. If you forget the PIN, the BitLocker recovery key will be needed to gain entry.

NOTE: If the computer does not boot properly (ie black screen/no splash screens, high fan usage but no response, etc) verify that no USB devices are plugged into the computer. Occasionally these can prevent boot in a computer with BitLocker+PIN enabled. This has been observed with Logitech wireless mouse dongles specifically.