{"id":13196,"date":"2018-10-31T02:38:34","date_gmt":"2018-10-31T02:38:34","guid":{"rendered":"https:\/\/www.top-password.com\/blog\/?p=13196"},"modified":"2018-11-07T07:17:14","modified_gmt":"2018-11-07T07:17:14","slug":"configure-windows-10-to-prompt-for-bitlocker-pin-during-startup","status":"publish","type":"post","link":"https:\/\/www.top-password.com\/blog\/configure-windows-10-to-prompt-for-bitlocker-pin-during-startup\/","title":{"rendered":"Configure Windows 10 to Prompt for BitLocker PIN During Startup"},"content":{"rendered":"<p>Setting up BitLocker PIN can add an additional layer of security to your computer as it acts as a second authentication factor, which can prevent DMA attacks and unauthorized access to Windows logon screen. In this tutorial we&#8217;ll show you how to configure Windows 10 to prompt for BitLocker PIN during startup.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.top-password.com\/blog\/wp-content\/uploads\/2018\/10\/enter-bitlocker-pin-at-boot.jpg\" alt=\"\" width=\"600\" height=\"483\" class=\"alignnone size-full wp-image-13244\" \/><\/p>\n<p><strong>How to Enable BitLocker Startup PIN in Windows 10<\/strong><\/p>\n<p>Before proceed, you have to <a href=\"https:\/\/www.top-password.com\/blog\/enable-bitlocker-on-windows-10-os-drive\/\" rel=\"noopener\" target=\"_blank\">turn on BitLocker Drive Encryption for your system drive with TPM<\/a>. Once you&#8217;ve enabled BitLocker, follow these steps to set up a pre-boot PIN:<\/p>\n<ol>\n<li><a href=\"https:\/\/www.top-password.com\/blog\/open-local-group-policy-editor-in-windows-10\/\" rel=\"noopener\" target=\"_blank\">Open the Local Group Policy Editor<\/a> and browse to:<br \/>\n<code>Computer Configuration &gt; Administrative Templates &gt; Windows Components &gt; BitLocker Drive Encryption &gt; Operating System Drives<\/code><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.top-password.com\/blog\/wp-content\/uploads\/2018\/10\/require-additional-authentication-at-startup.png\" alt=\"\" width=\"600\" height=\"364\" class=\"alignnone size-full wp-image-13224\" \/><\/p>\n<p>In the right pane, double-click on the &#8220;<strong>Require additional authentication at startup<\/strong>&#8221; the policy.<\/li>\n<li>Now you should select <strong>Enabled<\/strong>. Under &#8220;Configure TPM startup PIN&#8221;, select <strong>Require startup PIN with TPM<\/strong>. Click <strong>OK<\/strong> and then reboot the system.\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.top-password.com\/blog\/wp-content\/uploads\/2018\/10\/require-startup-pin-with-tpm.png\" alt=\"\" width=\"599\" height=\"633\" class=\"alignnone size-full wp-image-13225\" \/>\n<\/li>\n<li><a href=\"https:\/\/www.top-password.com\/blog\/open-elevated-command-prompt-from-standard-user-in-windows\/\" rel=\"noopener\" target=\"_blank\">Open an elevated Command Prompt<\/a> and run the following command to add a pre-boot PIN for your BitLocker-encrypted OS drive. Make sure you set a strong PIN that you can remember.<br \/>\n<code>manage-bde -protectors -add C: -TPMAndPIN<\/code><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.top-password.com\/blog\/wp-content\/uploads\/2018\/10\/add-bitlocker-preboot-pin.png\" alt=\"\" width=\"555\" height=\"211\" class=\"alignnone size-full wp-image-13226\" \/>\n<\/li>\n<li>Next, type <strong>manage-bde -status<\/strong> to check whether the TPMAndPin protector has been added.<\/li>\n<li>After all that is done, you&#8217;ll need to enter the BitLocker PIN each time you turn on your PC, before Windows boots up.<\/li>\n<\/ol>\n<p>That&#8217;s it!<\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>Setting up BitLocker PIN can add an additional layer of security to your computer as it acts as a second authentication factor, which can prevent DMA attacks and unauthorized access to Windows logon screen. In this tutorial we&#8217;ll show you how to configure Windows 10 to prompt for BitLocker PIN during startup. How to Enable [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,10,1894],"tags":[4028,4029],"class_list":["post-13196","post","type-post","status-publish","format-standard","hentry","category-others","category-tips-tricks","category-windows-10","tag-enable-bitlocker-pin","tag-require-bitlocker-pin-at-boot"],"_links":{"self":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts\/13196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/comments?post=13196"}],"version-history":[{"count":8,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts\/13196\/revisions"}],"predecessor-version":[{"id":13245,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/posts\/13196\/revisions\/13245"}],"wp:attachment":[{"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/media?parent=13196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/categories?post=13196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.top-password.com\/blog\/wp-json\/wp\/v2\/tags?post=13196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}