This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 42%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hi,
I am using Bitlocker on Windows 10 Enterprise. and on every boot I have to put the PIN. That is what I want. But how can I do that with a USB stick without put any PIN?
I mean fro Administrator is a easy way.
Regards
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Teemo's link goes far beyond what's really needed.
To have an additional method to start your pc, you simply boot windows, connect the stick (let it mount as x:, maybe) and then open an elevated command prompt and go
manage-bde -protectors c: -add s-k x:\
That command saves a startup key to your USB drive which will then allow to start without entering the PIN, when connected.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 97%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Thanks to Anonymous user from 7-Aug for the lead but I believe his post had a typo and should have read:
Open a command prompt as an Administrator and type (assuming x is the drive letter assigned to the USB key you want to use):
manage-bde -protectors -add X: -sk X:\
One thing we need to know: if one authentication method is required, the other methods cannot be allowed.
Use of BitLocker with a TPM startup key or with a TPM startup key and a PIN must be disallowed if the Deny write access to removable drives not protected by BitLocker policy setting is enabled.
If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
Detailed steps here:
How to Use a USB Key to Unlock a BitLocker-Encrypted PC
https://www.howtogeek.com/262744/how-to-use-a-usb-key-to-unlock-a-bitlocker-encrypted-pc/
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
