windows:client_os:pin_on_boot

Differences


windows:client_os:pin_on_boot [2019/10/31 09:06] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Bitlocker: Enable PIN on boot ======
 +If you want your system to require a PIN number in order to unlock a Bitlocker encrypted drive at boot time, you need to change one small GPO setting (assuming that you have Bitlocker already set up):
  
 +Start Group Policy editor by pressing Windows+R and entering the command ‘gpedit.msc’
 +[{{ :windows:client_os:tpm1.png |Start the Local Group Policy Editor}}]
 +Navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Bitlocker Drive Encryption -> Operating System Drives
 +[{{ :windows:client_os:tpm2.png |Navigate to ‘Operating System Drives’}}]
 +Select the ‘Require additional authentication at startup’ option, and set it to ‘Enabled’. Then set ‘Configure TPM startup PIN’ to ‘Require startup PIN with TPM’
 +[{{ :windows:client_os:tpm3.png |Set ‘Configure TPM startup pin’ to ‘Require startup PIN with TPM’}}]
 +Now open CMD in elevated mode and enter the command to set the PIN
 +<code bash>manage-bde -protectors -add c: -TPMAndPIN</code>
 +This will prompt you for a PIN which You will enter at Boot time.
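
Review bot: The procedure stops at the manage-bde -protectors -add c: -TPMAndPIN line without a step that confirms the protector was actually added, so a reader only finds out at the next reboot whether the PIN is enforced. Add a closing step such as running manage-bde -protectors -get c: (or manage-bde -status c:) from the same elevated prompt and checking that a TPM And PIN key protector is listed. Since a forgotten PIN locks the drive at boot, that step is also the place to tell the reader to check that a recovery password protector is listed and backed up. The command is wrapped in <code bash> although the text says to run it in an elevated CMD, so the language tag should be dropped or changed to a Windows batch highlighter. Style: the steps are plain paragraphs separated by images and would read better as an ordered list; "PIN number" is redundant, "You" in the last line should be lower case, and the product name is spelled "BitLocker".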