Windows users can enable or disable enhanced PINs for BitLocker startup, and can specify a minimum length for the BitLocker startup PIN in Windows 11 or Windows 10. In this post, we will show you how you can choose or change how BitLocker unlocks the OS (C:) drive at startup with a PIN, a USB flash drive, or the TPM.
Choose how BitLocker unlocks Windows OS Drive at Startup
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers. By default in Windows 11/10, BitLocker automatically unlocks a BitLocker-encrypted OS drive at startup using the Trusted Platform Module (TPM), but you can also turn on BitLocker for Windows OS drives without a TPM.
If a potential security risk is detected during startup (for example, a change to the BIOS firmware), BitLocker locks the operating system drive and you will need the BitLocker recovery key to unlock it. You can configure or change how BitLocker unlocks the OS drive at startup in three ways, and we discuss each method below:
Configure how BitLocker unlocks OS Drive at Startup with PIN
To configure or change how BitLocker unlocks OS Drive at Startup with PIN in Windows 11/10, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box, type control and hit Enter to open Control Panel.
- From the top right corner of the window, set the View by option to Large icons or Small icons.
- Click on BitLocker Drive Encryption.
- Next, click Change how drive is unlocked at startup for the OS drive you want to configure (if you have more than one system drive).
- At the next window, click on Enter a PIN (recommended).
- Now, enter a PIN that meets the stated requirements in the Enter PIN field, and enter it again in the Re-enter PIN field.
- Click on Set PIN.
- Close the Control Panel.
Change how BitLocker unlocks OS Drive at Startup with TPM
To configure or change how BitLocker unlocks OS Drive at Startup with TPM in Windows 11/10, do the following:
- Open Control Panel.
- Click on BitLocker Drive Encryption.
- Click Change how drive is unlocked at startup for the OS drive you want to configure (if you have more than one system drive).
- At the next window, click on Let BitLocker automatically unlock my drive.
- Click on Finish.
- Close the Control Panel.
Configure how BitLocker unlocks OS Drive at Startup with USB flash drive
To configure or change how BitLocker unlocks OS Drive at Startup with USB flash drive in Windows 11/10, do the following:
- Plug a USB flash drive into your system.
- Open Control Panel.
- Click on BitLocker Drive Encryption.
- Click Change how drive is unlocked at startup for the OS drive you want to configure (if you have more than one system drive).
- At the next window, click on Insert a USB flash drive.
- Select the USB flash drive, and click on Save.
The flash drive will not be formatted, so you will not lose anything currently on the USB. The BitLocker startup key for the OS drive will be saved to the USB so it can be used to unlock the OS drive at startup.
- Close the Control Panel.
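The three Control Panel procedures above (PIN, TPM only, USB startup key) all replace the single TPM-family key protector on the OS drive. The following PowerShell script is an added example, not code from the original article or from Microsoft; it does the same switch with the built-in BitLocker cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector) and adds the check a practitioner wants first: it refuses to touch the startup protector unless a recovery password protector already exists, because a later failed boot measurement would otherwise leave no way back into the drive. The function name Set-OsDriveStartupUnlock, its parameters, and the drive letters C: and E: are assumptions of this example. It also assumes the "Require additional authentication at startup" policy allows the protector type you choose; if it does not, Add-BitLockerKeyProtector reports an error.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): switch the OS drive's startup
# unlock method with the BitLocker PowerShell module instead of the Control Panel.
# Assumes Windows 11/10 with BitLocker, a TPM, and the OS volume mounted at C:.

function Set-OsDriveStartupUnlock {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('TpmOnly', 'TpmAndPin', 'TpmAndStartupKey')]
        [string]$Mode,
        [string]$MountPoint = 'C:',
        [securestring]$Pin,          # needed for TpmAndPin; must meet the configured minimum length (6 by default)
        [string]$StartupKeyPath      # needed for TpmAndStartupKey, e.g. 'E:\' (the USB flash drive)
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeType -ne 'OperatingSystem') {
        throw "$MountPoint is not the operating system volume."
    }

    # Safety check: a recovery password must be on file before the startup protector changes.
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        throw "No recovery password protector on $MountPoint. Add one first (Add-BitLockerKeyProtector -RecoveryPasswordProtector) and back it up."
    }

    if ($Mode -eq 'TpmAndPin' -and -not $Pin) { throw 'TpmAndPin requires -Pin.' }
    if ($Mode -eq 'TpmAndStartupKey' -and -not $StartupKeyPath) { throw 'TpmAndStartupKey requires -StartupKeyPath.' }

    # Only one TPM-family protector can exist on a volume, so the current one is removed first.
    $tpmFamily = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    $old = $vol.KeyProtector | Where-Object { $tpmFamily -contains [string]$_.KeyProtectorType }

    if (-not $PSCmdlet.ShouldProcess($MountPoint, "Set startup unlock method to $Mode")) { return }

    foreach ($p in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }

    switch ($Mode) {
        'TpmOnly'          { Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null }
        'TpmAndPin'        { Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null }
        'TpmAndStartupKey' { Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndStartupKeyProtector -StartupKeyPath $StartupKeyPath | Out-Null }
    }

    # Return the protectors now on the volume so the change can be verified.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId
}

# Usage (the PIN is prompted as a SecureString so it never lands in the command history):
# Set-OsDriveStartupUnlock -Mode TpmAndPin -Pin (Read-Host -AsSecureString 'Startup PIN')
# Set-OsDriveStartupUnlock -Mode TpmAndStartupKey -StartupKeyPath 'E:\'
# Set-OsDriveStartupUnlock -Mode TpmOnly
```

Run it with -WhatIf first to see which protector would be replaced. Reboot afterwards to confirm the new unlock method works while the recovery password is still within reach.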
That’s it on how to configure or change how BitLocker unlocks the OS drive at startup in Windows 11/10!
How do I make BitLocker automatically unlock my drive?
In the BitLocker Drive Encryption Control Panel, click Turn on auto-unlock or Turn off auto-unlock next to the drive. Auto-unlock also works on removable data drives. You can choose to enable auto-unlock when setting up BitLocker drive encryption on a data volume by checking Automatically unlock this drive on this computer in the BitLocker configuration wizard.
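The same toggle is available from PowerShell through the built-in Enable-BitLockerAutoUnlock and Disable-BitLockerAutoUnlock cmdlets. The script below is an added example, not code from the original article; the function Set-DataDriveAutoUnlock and its parameters are this example's own, and the drive letter D: is an assumed encrypted fixed data drive. It adds the precondition the Control Panel enforces silently: auto-unlock stores the data drive's key on the OS volume, so it only works, and is only safe, while the OS drive is itself BitLocker-protected.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): turn auto-unlock on or off for a
# fixed or removable data drive, with the checks the Control Panel applies implicitly.

function Set-DataDriveAutoUnlock {
    param(
        [Parameter(Mandatory)][string]$MountPoint,   # e.g. 'D:' (assumed data drive)
        [switch]$Off                                 # omit to enable, pass -Off to disable
    )

    # Auto-unlock keys live on the OS volume, so that volume must be protected first.
    $os = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem'
    if (-not ($os | Where-Object ProtectionStatus -eq 'On')) {
        throw 'Enable BitLocker on the operating system drive before using auto-unlock.'
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeType -eq 'OperatingSystem') { throw 'Auto-unlock applies to data drives only.' }
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { throw "$MountPoint is not BitLocker-encrypted." }

    if ($Off) { Disable-BitLockerAutoUnlock -MountPoint $MountPoint | Out-Null }
    else      { Enable-BitLockerAutoUnlock  -MountPoint $MountPoint | Out-Null }

    # Return the resulting state so the caller can verify it.
    (Get-BitLockerVolume -MountPoint $MountPoint).AutoUnlockEnabled
}

# Usage:
# Set-DataDriveAutoUnlock -MountPoint 'D:'        # enable
# Set-DataDriveAutoUnlock -MountPoint 'D:' -Off   # disable
```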
How do I set BitLocker to start automatically when I boot?
To set BitLocker to start automatically when you boot your Windows 11/10 device, do the following:
- Open Group Policy Editor.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- In the right pane, double-click the Require additional authentication at startup option.
- Set the radio button to Enabled at the top of the policy properties window.
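The Group Policy setting above, together with the enhanced-PIN and minimum-PIN-length settings mentioned at the top of the article, is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE. The script below is an added example, not code from the original article or from Microsoft; it reads those values so you can audit a machine, and writes the same values on a standalone machine. The registry value names (UseAdvancedStartup, EnableBDEWithNoTPM, UseTPM, UseTPMPIN, UseTPMKey, UseTPMKeyPIN, UseEnhancedPin, MinimumPIN) are the ones the BitLocker policy template writes, and the meanings 0 = Do not allow, 1 = Require, 2 = Allow match the drop-downs in the policy dialog; the function names and the chosen default values are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): audit and set the local-policy values
# behind "Require additional authentication at startup" and the startup PIN settings.

$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-BitLockerStartupPolicy {
    # Reads each policy value and reports 'not configured' where it is absent.
    $names = 'UseAdvancedStartup', 'EnableBDEWithNoTPM', 'UseTPM', 'UseTPMPIN',
             'UseTPMKey', 'UseTPMKeyPIN', 'UseEnhancedPin', 'MinimumPIN'
    $props = Get-ItemProperty -Path $FvePolicyKey -ErrorAction SilentlyContinue
    $result = [ordered]@{}
    foreach ($n in $names) {
        $result[$n] = if ($props -and $null -ne $props.$n) { $props.$n } else { 'not configured' }
    }
    [pscustomobject]$result
}

function Set-BitLockerStartupPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$RequirePin,        # TPM+PIN becomes mandatory; TPM-only and TPM+key are disallowed
        [switch]$AllowWithoutTpm,   # lets BitLocker run with a startup key or password on non-TPM machines
        [switch]$EnhancedPin,       # permits letters and symbols in the startup PIN
        [ValidateRange(4, 20)][int]$MinimumPinLength = 6
    )

    if (-not $PSCmdlet.ShouldProcess($FvePolicyKey, 'Write BitLocker startup policy')) { return }
    if (-not (Test-Path $FvePolicyKey)) { New-Item -Path $FvePolicyKey -Force | Out-Null }

    # 0 = Do not allow, 1 = Require, 2 = Allow (same choices as the policy dialog drop-downs).
    $values = [ordered]@{
        UseAdvancedStartup = 1                                 # the setting itself is Enabled
        EnableBDEWithNoTPM = [int]$AllowWithoutTpm.IsPresent
        UseTPM             = if ($RequirePin) { 0 } else { 2 }
        UseTPMPIN          = if ($RequirePin) { 1 } else { 2 }
        UseTPMKey          = if ($RequirePin) { 0 } else { 2 }
        UseTPMKeyPIN       = 2
        UseEnhancedPin     = [int]$EnhancedPin.IsPresent
        MinimumPIN         = $MinimumPinLength
    }
    foreach ($kv in $values.GetEnumerator()) {
        Set-ItemProperty -Path $FvePolicyKey -Name $kv.Key -Value $kv.Value -Type DWord
    }
    Get-BitLockerStartupPolicy
}

# Usage:
# Get-BitLockerStartupPolicy
# Set-BitLockerStartupPolicy -RequirePin -EnhancedPin -MinimumPinLength 8 -WhatIf
```

Values written directly to the registry are honoured by BitLocker but are not shown as configured in the Group Policy Editor, and on a domain-joined machine a GPO overwrites them at the next policy refresh; use the Set function on standalone machines and the Get function everywhere for auditing. A PIN requirement written here only affects protectors added afterwards, so existing drives still need their startup method changed as described earlier in this article.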
Can BitLocker be enabled automatically?
BitLocker automatic device encryption is enabled only after users sign in with a Microsoft Account or an Azure Active Directory account. BitLocker automatic device encryption is not enabled with local accounts, in which case BitLocker can be manually enabled using the BitLocker Control Panel.
What is BitLocker pre-boot authentication?
Pre-boot authentication with BitLocker is a policy setting that requires user input, such as a PIN, a startup key, or both, to authenticate before the contents of the system drive are made accessible. BitLocker recovery mode can be triggered by a number of situations, including a malicious attempt by a person or software to change the startup environment (rootkits are one example) or moving the BitLocker-protected drive into a new computer.