Eureka Moment Wiki

One eureka moment at the time

User Tools

Site Tools


windows:client_os:pin_on_boot

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

windows:client_os:pin_on_boot [2019/10/31 09:06] (current)
Line 1: Line 1:
 +====== Bitlocker: Enable PIN on boot ======
 +If you want your system to require a PIN number in order to unlock a Bitlocker encrypted drive at boot time, you need to change one small GPO setting (assuming that you have Bitlocker already set up):
  
 +Start Group Policy editor by pressing Windows+R and entering the command ‘gpedit.msc’
 +[{{ :​windows:​client_os:​tpm1.png |Start the Local Group Policy Editor}}]
 +Navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Bitlocker Drive Encryption -> Operating System Drives
 +[{{ :​windows:​client_os:​tpm2.png |Navigate to ‘Operating System Drives’}}]
 +Select the ‘Require additional authentication at startup’ option, and set it to ‘Enabled’. Then set ‘Configure TPM startup PIN’ to ‘Require startup PIN with TPM’
 +[{{ :​windows:​client_os:​tpm3.png |Set ‘Configure TPM startup pin’ to ‘Require startup PIN with TPM’}}]
 +Now open CMD in elevated mode and enter the command to set the PIN
 +<code bash>​manage-bde -protectors -add c: -TPMAndPIN</​code>​
 +This will prompt you for a PIN which You will enter at Boot time.
windows/client_os/pin_on_boot.txt · Last modified: 2019/10/31 09:06 (external edit)