Today we will learn a short topic about windows 10 Bitlocker. We generally use 2 processes to enable the authentication at startup by using Windows 10 bitlocker. So without wasting time, let’s start the process.
In the first process of windows 10 bitlocker authentication we will not use any command to set the password. I will show you both the process step by step.
- Open RUN >> Type “gpedit.msc” and press enter.
- Type “edit group policy” and enter.
In both the ways you will get this page
To enable windows 10 bitlocker authentication, we need to enable TPM first.
- Expand Administrative template >> Expand Windows Components>> Expand Bitlocker Drive Encryption >> double click on Operating System drives
- Double click on “Require additional authentication on startup”.
By default the TPM is set as “ Not configured” and the other options are in disable mode.
- Now, we will select enable and automatically the other options will be enabled to edit.
- Now the most important part. To enable authentication at startup with windows 10 bitlocker we need to enable “require startup pin with TPM” under “Configure TPM startup PIN” section. Rest of the options will remain the same.
- Make sure, you enable “ Allow bitlocker without a compatible TPM”
- Then Apply >> Ok
Then we will go to the next option “Allow enhanced PIN for startup” and double click on it.
We will enable it.
- Then Apply >> OK.
- Then open CMD and enter “gpupdate /force”. The policies you just edited are updated now.
That’s it. After this process you need to turn on your bitlocker and set the password.
Then restart your system and after restart you will be prompted to give the pin while startup.
This was the first process of Windows 10 bitlocker authentication on startup.
- In our second process of enabling windows 10 bitlocker authentication at startup, we will turn on bitlocker.
- Then we will enable the “require startup pin with TPM” option under “Configure TPM startup PIN” section.
- To set a pin for windows 10 bitlocker authentication, you need to give a command. The command is,
- manage-bde -protectors -add c: -TPMAndPIN
- Then set the pin and press ENTER.
- Then restart your system and after restart you will be prompted to give the pin while startup.