Windows 10 SITG: Windows 10 must use a BitLocker PIN for pre-boot authentication

Post author:Chatur Tamang
Post published:January 9, 2020
Post category:Microsoft / Windows 10

To enable BitLocker PIN authentication when using BitLocker during the the computer startup using GPO, do not forget to read the GPO help instruction where it notes that only one of the additional authentication options can be required at startup, otherwise a policy error occurs. There are four types of authentication made available.

Process:

Make sure you have activated TPM in the BIOS
GPO settings
1. Go to Computer Configuration->Administrative Templates->Windows Components->BitLocker Drive Engryption-> Operating System Drives
2. Choose “Require additional authentication at startup” .
  1. Enable the option
  2. Under Settings for Computers with TPM:
  3. Choose “Require startup PIN with TPM
3. Choose “Apply” and “OK”
4. NOTE: leave all the other options to “Do Not Allow…”

I am a goal-oriented Infrastructure System Engineer and Information System Security Officer with over 10 years’ of experience in planning and implementation of network, servers, virtualization and security technologies . Background includes hands-on experience with multi-platform, LAN/WAN environments, assessing and implementation of security controls in using ODAA and RMF guidance. Demonstrated record of success in migrating, troubleshooting Servers and increasing efficiency.

You Might Also Like

SharePoint 2016: Databases running in compatibility range, upgrade recommended

SharePoint 2016 : User Rights Assignment GPO

Nessus scan: Symantec Endpoint not disabling Windows Defender Antivirus