BitLocker can't use strong password, standard user can't turn it on

Eaven HUANG 2,126 Reputation points
2022-09-06T03:45:11.82+00:00

Dear experts,

We are exploring the possibility of enabling BitLocker for our domain machines and saving the key to local AD. The issues we are facing are:
In the Win11 we are testing, we don't have the password option for users to set a strong password; instead there is a PIN option, but we prefer a password if possible?
Non-admin users get access denied when turning BitLocker on; is there any way that we can allow them to set up their own password?
Is there any policy or method by which we can enforce our domain users to use BitLocker?

Thanks a lot.


Windows 10 Security

1 answer

  1. Bagitman 576 Reputation points
    2022-10-01T09:11:46.85+00:00

    It's foolish to prefer a password since a PIN means better security since it works together with the TPM.
    Passwords can be brute-forced, PINs not, since the TPM locks out after 32 attempts.
    See my article for automation scripts: Easiest way (which does not require setting up another password):
    https://www.experts-exchange.com/articles/33771/We-have-bitlocker-so-we-need-MBAM-too.html
