How do I set the BitLocker PIN?

Found the answer. Assuming you have BitLocker up and running, make the following changes:

To enable TPM & PIN at boot:

Using the Group Policy Editor (Start -> gpedit.msc and press Enter), go to:

Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

and open the policy setting

"Require additional authentication at startup"

Then enable that setting and set "Configure TPM startup PIN:" to "Require startup PIN with TPM".

To set the actual PIN, run the following in a CMD prompt:

manage-bde -protectors -add c: -TPMAndPIN 

This will prompt you for a PIN, which you will then be required to enter at boot.
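
To confirm that both steps took effect, the following check reads the policy values and lists the key protectors on the volume. It is an added example, not part of the original answer. It assumes an elevated PowerShell session with the BitLocker module available, and that the policy is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE as UseAdvancedStartup and UseTPMPIN; the function name Test-TpmPinSetup is hypothetical.

```powershell
# Added example (hypothetical helper): verify the TPM+PIN policy and protector.
# Run from an elevated PowerShell session.
function Test-TpmPinSetup {
    param([string]$MountPoint = 'C:')

    # Assumption: "Require additional authentication at startup" is stored here.
    # UseAdvancedStartup = 1 means the policy is enabled.
    # UseTPMPIN: 0 = do not allow, 1 = require, 2 = allow.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                            -ErrorAction SilentlyContinue

    $policyEnabled = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1)
    $pinRequired   = ($null -ne $fve) -and ($fve.UseTPMPIN -eq 1)

    # Key protectors currently attached to the volume.
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $result = [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        ProtectionStatus    = $vol.ProtectionStatus.ToString()
        PolicyEnabled       = $policyEnabled
        PolicyRequiresPin   = $pinRequired
        ProtectorTypes      = $types -join ', '
        HasTpmPinProtector  = $types -contains 'TpmPin'
        # A TPM-only protector, if present, unlocks the volume without a PIN.
        HasTpmOnlyProtector = $types -contains 'Tpm'
        # Needed to get back in if the PIN is forgotten.
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }

    # Overall verdict: policy requires a PIN, the PIN protector exists,
    # no PIN-less TPM protector remains, and protection is switched on.
    $ok = $result.PolicyRequiresPin -and $result.HasTpmPinProtector -and
          (-not $result.HasTpmOnlyProtector) -and
          ($result.ProtectionStatus -eq 'On')
    $result | Add-Member -NotePropertyName PinEnforcedAtBoot -NotePropertyValue $ok
    return $result
}

Test-TpmPinSetup -MountPoint 'C:' | Format-List
```

If PolicyRequiresPin is False right after changing the setting, run gpupdate /force and check again.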
