Default in Windows 10Administrators and standard users are allowed to change the BitLocker PIN or password for the operating system volume or the BitLocker password for default fixed data volumes. If you do not want standard users to be able to change the Bitlocker PIN or password on a PC, this article will explain how to stop, prevent, or prevent standard users from changing PINs or passwords for encrypted drives. under Windows. ten.
administrators and Standard users have the option to choose PINs and passwords corresponding to a personal mnemonic instead of asking the user to remember a randomly generated character set and to the professionals of the user. Computer to use the same initial PIN or password setting for all images of the computer. It also gives users the ability to choose passwords and PINs that are more susceptible to password attacks, dictionary attacks, and social engineering attacks. It also allows users to unlock any computer using the PIN code or the original password assignment. Require the complexity of the password and PIN Group Policy It is recommended to ensure that users take appropriate precautions when setting passwords and PINs.
Prevent standard users from changing BitLocker PINs or passwords
Standard users are required to enter the current PIN or password for the reader to change the BitLocker PIN or password. If a user enters an incorrect PIN or current password, the default tolerance for retry attempts is set to 5. Once the retry limit is reached, a standard user will no longer be able to change the BitLocker PIN or password. The retry counter is set to zero when restarting the computer or when an administrator resets the BitLocker PIN or password.
You must be logged in as an administrator to enable or disable enhanced PINs when starting BitLocker.
Open the Local Group Policy Editor and, in the left pane of the Local Group Policy Editor, navigate to the following location:
Computer Configuration> Administrative Templates> Windows Components> BitLocker Drive Encryption> Operating System Readers
On the right pane of Operating system In the Local Group Policy Editor, double-click Prohibit standard users from changing the PIN or password policy to change it.
This policy setting allows you to set whether or not standard users are allowed to edit BitLocker volume PINs, provided that they can first provide the existing PIN. This policy setting is applied when you enable BitLocker. If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords. If you disable or do not configure this policy setting, standard users will be allowed to change BitLocker PINs and passwords.
As shown in the screenshot above, follow these steps:
To allow standard users to change BitLocker PINs or passwords
- Select the radio button for Not configured or disabledand click D & #39; agreement.
To disable standard users from changing PINs or BitLocker passwords
- Select the radio button for enabledand click D & #39; agreement.
You can now exit the Group Policy Editor and restart your computer for the changes to take effect.