The system does not ask for a BitLocker password when logging into Windows.

Anonymous
2024-12-05T07:26:47+00:00

Hello! I connect BitLocker to drive C without any problems, but after turning on or rebooting the computer, I log into Windows as if BitLocker is not enabled; that is, before logging into Windows there is no request to enter the BitLocker password, and drive C is marked with an open lock.

Earlier, when setting up BitLocker encryption, a window appeared asking to create a password; now the system only offers to create a recovery key and three options for saving it - to an account, save a file or print.

I enable BitLocker in the usual way: I open the This PC window, right-click on drive C and select "Enable BitLocker".

I need a request for a BitLocker password after turning on or rebooting the PC, but it is not there.

Moreover, after enabling BitLocker on an external drive, during the encryption setup process, not only the creation of a recovery key is offered, but also the creation of a password, but why does the system not offer to create a password during the encryption process of drive C?

Thank you!

This question was migrated from the Microsoft Support Community.

Accepted answer
  1. Anonymous
    2024-12-06T09:09:24+00:00

    Hello ipMalik1,

    It sounds like BitLocker may be using TPM (Trusted Platform Module) for transparent operation without requiring a PIN or password at startup. By default, when BitLocker is enabled on a system drive and the system has a TPM, it will use the TPM to automatically unlock the drive at startup. If you want to require a password or PIN at startup, you need to change the policy settings.

    Here's how you can require a password or PIN for BitLocker on your system drive:

    1. Open Group Policy Editor:
      • Press Windows + R to open the Run dialog box.
      • Type gpedit.msc and press Enter.
    2. Navigate to BitLocker Drive Encryption Policies:
      • In the Group Policy Editor, navigate to the following path: Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives
    3. Require Additional Authentication at Startup:
      • Find and double-click on "Require additional authentication at startup."
      • In the policy window, set it to "Enabled."
      • Under the options, ensure that "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)" is checked.
    4. Configure Startup Options:
      • After enabling the policy, you can choose between different startup options, such as:
        • "Require startup PIN with TPM"
        • "Require startup key with TPM"
        • "Require startup key and PIN with TPM"
      • Select the appropriate option based on your security preference.
    5. Save and Apply Changes: Click "Apply" and then "OK" to save the changes.
    6. Enable BitLocker or Change Settings:
      • If BitLocker is already enabled, you may need to go to BitLocker settings and choose "Change how drive is unlocked at startup."
      • Select the option to use a PIN or password.

    After these steps, you should be prompted to set a startup PIN or password when you enable BitLocker on the system drive, and you will be required to enter it every time you turn on or reboot your PC.

    Remember to back up your recovery key and keep it in a safe place in case you forget your PIN or password.

    Hope it helps.

    Best regards,

    Lei

    1 person found this answer helpful.
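
Added example, not part of the answer above and not Microsoft's own code: a PowerShell check, run from an elevated session, that lists the system drive's key protectors and reports whether BitLocker will prompt before Windows starts, then adds a TPM+PIN protector once the policy from the answer is enabled. The function names `Get-PreBootAuthStatus` and `Get-OsProtectorTypes` and the sample protector list are made up for this illustration; the cmdlets come from the built-in BitLocker module.

```powershell
# Added example: audit the OS volume's key protectors, then add TPM+PIN.

function Get-PreBootAuthStatus {
    param([string[]]$ProtectorTypes)
    # Protector types that make BitLocker stop and ask before Windows starts.
    $interactive = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password'
    $prompting = @($ProtectorTypes | Where-Object { $interactive -contains $_ })
    if ($ProtectorTypes -contains 'Tpm') {
        # A plain Tpm protector releases the key by itself, whatever else is listed.
        'TPM-only: drive unlocks automatically at startup, no prompt'
    } elseif ($prompting.Count -gt 0) {
        "Pre-boot authentication required: $($prompting -join ', ')"
    } else {
        'No startup protector found'
    }
}

function Get-OsProtectorTypes {
    # Reads the protector types currently on the system drive as strings.
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
    @($volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
}

# Constructed sample: a drive set up with TPM and a recovery key only,
# the situation the answer describes.
Get-PreBootAuthStatus -ProtectorTypes 'Tpm', 'RecoveryPassword'

# Live check of the system drive.
Get-PreBootAuthStatus -ProtectorTypes (Get-OsProtectorTypes)

# With "Require additional authentication at startup" enabled and a startup
# PIN allowed (steps 1-5 of the answer), add a TPM+PIN protector.
$pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN'
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -Pin $pin -TpmAndPinProtector |
    Out-Null

# Re-audit: the result should now name TpmPin. If it still reports TPM-only,
# a plain Tpm protector remains and the drive will keep unlocking unattended.
Get-PreBootAuthStatus -ProtectorTypes (Get-OsProtectorTypes)
```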

2 additional answers

  1. Anonymous
    2024-12-06T13:04:15+00:00

    Thank you very much for the detailed answer!

    I did everything step by step and solved this problem!

    The only thing I don't understand is why BitLocker is configured this way by default and why Microsoft engineers decided to create a situation where a stranger can turn on my computer and BitLocker won't stop it. What's the point of encrypting the C drive with BitLocker then?

    Thank you very much again, and if possible, I'll ask an additional question:

    If a situation arises where the BitLocker password and recovery key are lost, what actions can I take to "Reset this PC", that is, how can I reset the computer to factory settings, even if I lose all my personal data? I tried to do this by going to the system recovery menu, but with BitLocker enabled, the "Reset this PC" function doesn't work.

    Or should I ask this question by creating a separate thread for this?

  2. Anonymous
    2024-12-09T07:46:58+00:00

    This design was originally intended to balance safety and user convenience. Specifically:

    1. User Experience: With no additional protections (such as a PIN), users can enjoy a seamless boot experience without having to enter a password or PIN every time they boot up their computer. This is especially useful for enterprise environments, as it reduces support requests caused by users forgetting their passwords or PIN codes.
    2. Security: Even without additional user interaction, BitLocker uses a TPM that provides a level of hardware-level security against unauthorized access. It protects data from physical attacks (e.g., removing a hard drive and reading it on another computer).
    3. Enhanced Protection: Microsoft offers additional security options, such as using a TPM along with a PIN code or password, to enhance protection in scenarios that require greater security. This requires manual configuration and is often used in environments with high security requirements.