How to Stop Standard Users from Changing BitLocker Password

December 18th, 2017 by Admin Leave a reply »

If you want to configure BitLocker in Windows 10 / 8, you have to log in as administrator. However, standard users are allowed to change BitLocker password by default. In this tutorial we’ll show you 2 ways to stop standard users from changing BitLocker password in Windows 10 / 8.

Method 1: Prevent Standard Users from Changing BitLocker Password via Group Policy

  1. Press the WIN + R keys to open the Run box. Type gpedit.msc and hit Enter.

  2. In the left pane of the Local Group Policy Editor, navigate to: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives.

    Next, double-click on the Disallow standard users from changing the PIN or password policy in the right pane.

  3. Select the Enabled option, click Apply and then OK.

  4. When the standard users try to change BitLocker password on a fixed drive, the UAC will prompt to enter an administrator’s password firstly.

Method 2: Prevent Standard Users from Changing BitLocker Password via Registry Editor

  1. Press the WIN + R keys to open the Run box. Type regedit and hit Enter.

  2. In the left pane of Registry Editor, navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE. If the FVE key doesn’t exist, right-click the Microsoft key and create a subkey named FVE.
  3. While the FVE key is selected, right-click blank area in the right pane and create a DWORD (32-bit) value named DisallowStandardUserPINReset, set its value data to 1.

  4. Close Registry Editor.

If you want to allow standard users to change BitLocker password, just change the value data of DisallowStandardUserPINReset to 0 and you’re done.