Enhanced startup PINs for BitLocker permits the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker for the OS drive. In this post, we will show you how to enable or disable if enhanced startup PINs are used with BitLocker in Windows 11/10. The Allow enhanced PINs for startup policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs.
Enable or Disable Enhanced PINs for BitLocker Startup
Open the Local Group Policy Editor and navigate to the following setting:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
From the screenshot above, on the right pane of Operating System Drives double-click Allow enhanced PINs for startup policy to edit it.
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.
Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker.
If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs.
Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup.
If you disable or do not configure this policy setting, enhanced PINs will not be used.
As shown in the screenshot above, do the following;
To Disable Enhanced PINs for BitLocker Startup
- Select the radio button for Not Configured or Disabled, click OK.
To Enable Enhanced PINs for BitLocker Startup
- Select the radio button for Enabled, and click OK.
You can now exit Group Policy Editor and restart your computer.
And that’s all folks, about using Enhanced PINs for BitLocker Startup in Windows 11/10.