To enable BitLocker PIN authentication at computer startup using GPO, read the GPO help text for the setting first: it notes that only one of the additional authentication options can be required at startup, otherwise a policy error occurs. Four types of authentication are available.
Process:
- Make sure you have activated TPM in the BIOS
- GPO settings
  - Go to Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives
  - Choose “Require additional authentication at startup”.
  - Enable the option
  - Under Settings for Computers with TPM:
    - Choose “Require startup PIN with TPM”
  - Choose “Apply” and “OK”
  - NOTE: leave all the other options set to “Do Not Allow…”
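
To confirm on a client that the policy landed as configured above, the following PowerShell check can be run after the GPO has applied. It is an added example, not part of the original instructions. The registry key, the value names and the 0/1/2 encoding are not taken from this page; they are assumed to be the ones the BitLocker administrative template writes, and the function name is hypothetical.

```powershell
# Added example: verify "Require additional authentication at startup" on a client.
# Assumption: the policy is stored under this key, encoded as
# 0 = Do not allow, 1 = Require, 2 = Allow.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Registry value name -> option under "Settings for computers with TPM"
$options = [ordered]@{
    UseTPM       = 'TPM startup'
    UseTPMPIN    = 'TPM startup PIN'
    UseTPMKey    = 'TPM startup key'
    UseTPMKeyPIN = 'TPM startup key and PIN'
}
$stateName = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

function Test-BitLockerPinPolicy {
    param([string]$Path = $fveKey)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "No BitLocker policy key at $Path (GPO not applied yet?)"
        return $false
    }
    $policy = Get-ItemProperty -Path $Path
    $ok = $true

    # The parent setting itself must be enabled.
    if ($policy.UseAdvancedStartup -ne 1) {
        Write-Warning '"Require additional authentication at startup" is not enabled'
        $ok = $false
    }
    # Exactly one option (the PIN) is required; the other three are disallowed.
    foreach ($name in $options.Keys) {
        $value    = $policy.$name
        $expected = if ($name -eq 'UseTPMPIN') { 1 } else { 0 }
        $shown    = if ($null -eq $value) { 'not set' } else { $stateName[[int]$value] }
        Write-Host ('{0,-26} {1}' -f $options[$name], $shown)
        if ($value -ne $expected) {
            Write-Warning "$name should be $expected ($($stateName[$expected]))"
            $ok = $false
        }
    }
    return $ok
}

if (Test-BitLockerPinPolicy) {
    Write-Host 'Policy matches: startup PIN with TPM is the only required option.'
}
```

Any warning for an option other than the PIN points to the conflict the GPO help describes, where more than one startup option is left at something other than “Do Not Allow…”.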