How To Set A Pin On Windows 10

If y'all encrypt your Windows system bulldoze with BitLocker, y'all can add together a PIN for boosted security. Yous'll need to enter the PIN each fourth dimension you lot plough on your PC, earlier Windows will fifty-fifty start. This is split from a login Pivot, which y'all enter after Windows boots up.

RELATED: How to Use a USB Primal to Unlock a BitLocker-Encrypted PC

A pre-kicking Pin prevents the encryption key from automatically being loaded into arrangement memory during the boot process, which protects against straight memory admission (DMA) attacks on systems with hardware vulnerable to them. Microsoft's documentation explains this in more item.

Step One: Enable BitLocker (If You Haven't Already)

RELATED: How to Prepare BitLocker Encryption on Windows

This is a BitLocker feature, so you take to employ BitLocker encryption to fix a pre-kick PIN. This is just available on Professional and Enterprise editions of Windows. Before yous tin can set a Pivot, you have to enable BitLocker for your arrangement bulldoze.

Note that, if you leave of your way to enable BitLocker on a computer without a TPM, y'all'll be prompted to create a startup password that's used instead of the TPM. The beneath steps are simply necessary when enabling BitLocker on computers with TPMs, which almost mod computers take.

If y'all take a Domicile version of Windows, y'all won't be able to utilise BitLocker. You may have the Device Encryption feature instead, but this works differently from BitLocker and doesn't permit y'all to provide a startup key.

Footstep Two: Enable the Startup Pin in Group Policy Editor

Once you've enabled BitLocker, you'll need to go out of your way to enable a PIN with it. This requires a Group Policy settings change. To open the Group Policy Editor, press Windows+R, type "gpedit.msc" into the Run dialog, and printing Enter.

Head to Computer Configuration > Authoritative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives in the Group Policy window.

Double-click the "Crave Additional Authentication at Startup" Option in the right pane.

Select "Enabled" at the top of the window here. Then, click the box under "Configure TPM Startup PIN" and select the "Require Startup PIN With TPM" option. Click "OK" to save your changes.

Step Three: Add a Pivot to Your Bulldoze

Yous can now apply the manage-bde control to add the Pin to your BitLocker-encrypted drive.

To do this, launch a Command Prompt window equally Administrator. On Windows 10 or eight, right-click the Start push and select "Command Prompt (Admin)". On Windows 7, observe the "Command Prompt" shortcut in the Commencement menu, correct-click information technology, and select "Run as Ambassador"

Run the following command. The below command works on your C: drive, so if you lot want to require a startup fundamental for some other bulldoze, enter its drive letter instead of c: .

manage-bde -protectors -add c: -TPMAndPIN

You'll be prompted to enter your Pivot here. The next time you boot, you lot'll be asked for this PIN.

To double-check whether the TPMAndPIN protector was added, y'all tin run the post-obit control:

manage-bde -status

(The "Numerical Password" primal protector displayed hither is your recovery key.)

How to Alter Your BitLocker Pivot

To change the Pivot in the future, open a Command Prompt window every bit Ambassador and run the post-obit command:

manage-bde -changepin c:

You'll need to type and confirm your new Pin before continuing.

How to Remove the PIN Requirement

If you change your mind and desire to stop using the PIN afterward, you tin can undo this change.

Start, you'll need to head to the Grouping Policy window and change the option back to "Allow Startup PIN With TPM". You can't leave the selection prepare to "Require Startup Pin With TPM" or Windows won't allow y'all to remove the Pin.

Adjacent, open a Control Prompt window equally Ambassador and run the following control:

manage-bde -protectors -add together c: -TPM

This will supersede the "TPMandPIN" requirement with a "TPM" requirement, deleting the Pin. Your BitLocker drive will automatically unlock via your computer's TPM when yous boot.

To cheque that this completed successfully, run the status command once again:

manage-bde -status c:

---

If yous forget the PIN, you'll need to provide the BitLocker recovery lawmaking you should take saved somewhere rubber when you lot enabled BitLocker for your system drive.

Source: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/

Posted by: harrellforrie.blogspot.com

Share this post