How to disallow Standard Users from Changing BitLocker PIN/Password in Windows 10

Prevent Standard Users from Changing BitLocker PINs or Passwords

By default in Windows 10, administrators and standard users are allowed to change the BitLocker PIN or password for the operating system volume, or the BitLocker password for fixed data volumes. If you do not want standard users to be able to change the BitLocker PIN or password on a PC, this article explains how to prevent standard users from changing PINs or passwords for encrypted drives in Windows 10.

Letting administrators and standard users choose PINs and passwords allows them to pick ones that correspond to a personal mnemonic instead of having to remember a randomly generated character set, and allows IT professionals to use the same initial PIN or password setting for all computer images. It also gives users the ability to choose passwords and PINs that are more susceptible to password attacks, dictionary attacks, and social engineering attacks. It also allows users to unlock any computer that uses the original PIN or password assignment. Requiring password and PIN complexity through Group Policy is recommended to ensure that users take appropriate precautions when setting passwords and PINs.

Standard users are required to enter the current PIN or password for the drive in order to change the BitLocker PIN or password. If a user enters an incorrect current PIN or password, the default tolerance for retry attempts is set to 5. Once the retry limit is reached, a standard user will no longer be able to change the BitLocker PIN or password. The retry counter is reset to zero when the computer is restarted or when an administrator resets the BitLocker PIN or password.

You must be logged in as an administrator to enable or disable enhanced PINs when starting BitLocker.

Open the Local Group Policy Editor and, in the left pane of the Local Group Policy Editor, navigate to the following location:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

In the right pane of Operating System Drives in the Local Group Policy Editor, double-click the Disallow standard users from changing the PIN or password policy to edit it.

This policy setting lets you configure whether or not standard users are allowed to change BitLocker volume PINs, provided that they can first provide the existing PIN. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords. If you disable or do not configure this policy setting, standard users will be allowed to change BitLocker PINs and passwords.

Prevent standard users from changing BitLocker PINs or passwords

As shown in the screenshot above, follow these steps:

To allow standard users to change BitLocker PINs or passwords

  • Select the radio button for Not Configured or Disabled and click OK.

To prevent standard users from changing BitLocker PINs or passwords

  1. Select the radio button for Enabled and click OK.

You can now exit the Group Policy Editor and restart your computer for the changes to take effect.
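
To confirm the setting after the restart, the PowerShell check below reports the policy state together with the key protectors on the operating system volume. It is an added example, not part of the original article: the function name is hypothetical, and the registry location (value DisallowStandardUserPINReset under HKLM\SOFTWARE\Policies\Microsoft\FVE) is an assumption about where this policy is stored that does not appear on the page.

```powershell
# Added example: audit the "standard users may change the BitLocker PIN or
# password" policy on the local machine. Run from an elevated prompt.
# Assumption (not from the article): the policy is stored as the DWORD value
# DisallowStandardUserPINReset under HKLM\SOFTWARE\Policies\Microsoft\FVE.
function Get-BitLockerPinChangePolicy {
    [CmdletBinding()]
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE',
        [string]$ValueName = 'DisallowStandardUserPINReset'
    )

    # A missing key or a missing value both mean the policy is Not Configured.
    $raw = $null
    if (Test-Path -Path $PolicyKey) {
        $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
        if ($item) { $raw = $item.$ValueName }
    }

    if     ($null -eq $raw) { $state = 'Not Configured' }
    elseif ($raw -eq 1)     { $state = 'Enabled' }
    else                    { $state = 'Disabled' }

    # The policy is only relevant when the OS volume is unlocked with a PIN
    # or password, so list the protectors that are actually in place.
    $types = @()
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    if ($volume) {
        $types = @($volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    }
    $userSecrets = @($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey', 'Password' })

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        PolicyState            = $state
        # Per the policy description: only Enabled blocks standard users.
        StandardUsersCanChange = ($state -ne 'Enabled')
        OsVolumeProtectors     = ($types -join ', ')
        PinOrPasswordInUse     = ($userSecrets.Count -gt 0)
    }
}

Get-BitLockerPinChangePolicy
```

A result of PolicyState = Enabled with PinOrPasswordInUse = True is the state the steps above aim for.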
