In many cases, the protection that the boot-time PIN provides may not justify the inconvenience once the exploit risk is considered. The assumption, in part, is that a malicious actor most likely does not have admin access to the system, and if they do, they have probably already passed the drive decryption. For in-system protection, the OS, by default, relies on the Windows 10 user login interface and other account management protection.

At the same time, the provided protection would prevent a malicious actor from taking the drive out of the system and trying to access its data elsewhere. The encryption process ends up being transparent for most users. In recent versions of Windows 10, the default behavior is to store the decryption key in the TPM.

You can add the BitLocker boot-time PIN protection on Windows 10 after the initial setup of BitLocker, using the following steps. This method is simple but requires about 3 minutes.

1. Open Local Group Policy Editor by searching for Local Group Policy in the Windows 10 search bar or via the Control Panel.
2. In the Local Group Policy Editor, navigate to:
   Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives
3. Open the item called "Require additional authentication at startup".
4. In "Require additional authentication at startup", change "Not Configured" to "Enabled". Also make sure "Allow startup PIN with TPM" is selected under "Configure TPM startup PIN".
5. After Windows 10 starts again, search for "Manage BitLocker" in the Windows 10 search bar.

Now you will see an additional option for changing how the drive is unlocked at startup and setting or changing the PIN.

(Verified on Windows 10 Pro - Version 1909 & 21H1)
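The following PowerShell check is an added example, not part of the original page. Run from an elevated session, it confirms that the Group Policy change took effect and that the OS drive has a TPM+PIN key protector rather than the transparent TPM-only default. It assumes the policy is read from its usual registry location (`HKLM:\SOFTWARE\Policies\Microsoft\FVE`, values `UseAdvancedStartup` and `UseTPMPIN`), which the page itself does not mention.

```powershell
# Added example: audit whether the OS drive is actually protected by TPM+PIN.
# Run from an elevated PowerShell session on the machine being checked.
$ErrorActionPreference = 'Stop'

# Registry location where "Require additional authentication at startup"
# is stored once the policy is set to Enabled (assumption: standard location).
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue

# UseAdvancedStartup = 1 means the policy is Enabled.
# UseTPMPIN: 0 = do not allow, 1 = require, 2 = allow startup PIN with TPM.
$policyEnabled = ($null -ne $policy) -and ($policy.UseAdvancedStartup -eq 1)
$pinAllowed    = $policyEnabled -and ($policy.UseTPMPIN -in @(1, 2))

$osDrive = $env:SystemDrive
$volume  = Get-BitLockerVolume -MountPoint $osDrive
$types   = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# 'Tpm' alone is the transparent default; 'TpmPin' means a PIN is asked at boot.
$hasTpmOnly = $types -contains 'Tpm'
$hasTpmPin  = $types -contains 'TpmPin'

[pscustomobject]@{
    Drive             = $osDrive
    ProtectionStatus  = $volume.ProtectionStatus
    PolicyEnabled     = $policyEnabled
    StartupPinAllowed = $pinAllowed
    KeyProtectors     = $types -join ', '
    TpmOnlyUnlock     = $hasTpmOnly
    TpmPinUnlock      = $hasTpmPin
} | Format-List

if ($hasTpmPin) {
    Write-Output "OK: $osDrive requires a startup PIN in addition to the TPM."
} elseif (-not $pinAllowed) {
    Write-Output "Policy does not allow a startup PIN yet; enable it in Group Policy first."
} else {
    # Policy allows a PIN but no TPM+PIN protector exists. Prompt for the PIN
    # interactively so it never appears on the command line or in history.
    Write-Output "Policy allows a startup PIN, but $osDrive still unlocks with the TPM alone."
    $pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN'
    Add-BitLockerKeyProtector -MountPoint $osDrive -Pin $pin -TpmAndPinProtector
}
```

The last branch does the same thing as setting the PIN through the "Manage BitLocker" panel; skip it if you only want the audit output.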