BitLocker can't use strong password, standard user can't turn it on

Eaven HUANG 2,156 Reputation points
2022-09-06T03:45:11.82+00:00

Dear experts,

We are exploring the possibility of enabling BitLocker for our domain machines and saving the key to local AD. The issues we are facing are:

1. In the Win11 we are testing, we don't have the password option for users to set a strong password; instead there is a PIN option, but we prefer a password if possible?
2. Non-admin users get access denied when turning BitLocker on. Is there any way we can allow them to set up their own password?
3. Is there any policy or method by which we can enforce our domain users to use BitLocker?

Thanks a lot.


Windows 10 Security

1 answer

  1. Bagitman 581 Reputation points
    2022-10-01T09:11:46.85+00:00

    It's foolish to prefer a password since a PIN means better security since it works together with the TPM.
    Passwords can be brute forced, PINs not, since the TPM locks out after 32 attempts.
    See my article for automation scripts: Easiest way (which does not require setting up another password):
    https://www.experts-exchange.com/articles/33771/We-have-bitlocker-so-we-need-MBAM-too.html

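The TPM+PIN protector, the TPM lockout counters and the recovery-key backup to AD discussed in this thread can be inspected and configured with the built-in `Get-Tpm` and BitLocker cmdlets. The script below is an added example, not code from the thread or from the linked article. It assumes an elevated session (for example a deployment task, since standard users cannot enable BitLocker themselves), that the OS volume is `$env:SystemDrive`, and that Group Policy already allows a startup PIN and backup of recovery information to AD DS; the `-Enable` switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Without -Enable the script only reports; with -Enable it escrows a
# recovery password to AD DS and then turns on BitLocker with a TPM+PIN protector.
param(
    [switch]$Enable   # hypothetical switch name, used only in this example
)

$mount = $env:SystemDrive
$tpm   = Get-Tpm
$vol   = Get-BitLockerVolume -MountPoint $mount

# Report TPM readiness, the TPM's own lockout counters, and the current protectors.
[pscustomobject]@{
    TpmPresent   = $tpm.TpmPresent
    TpmReady     = $tpm.TpmReady
    LockedOut    = $tpm.LockedOut
    LockoutCount = $tpm.LockoutCount   # failed authorizations counted so far
    LockoutMax   = $tpm.LockoutMax     # threshold at which this TPM locks out
    VolumeStatus = $vol.VolumeStatus
    Protectors   = ($vol.KeyProtector.KeyProtectorType -join ', ')
} | Format-List

if (-not $Enable) { return }
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; a TPM+PIN protector cannot be added.'
}

# Create the recovery password first so it is escrowed before encryption starts.
$recovery = $vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
}

# Stop here if the backup to AD DS fails, so no machine is encrypted without an escrowed key.
Backup-BitLockerKeyProtector -MountPoint $mount `
    -KeyProtectorId $recovery.KeyProtectorId -ErrorAction Stop | Out-Null

# Only start encryption on a volume that is not yet encrypted.
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    $pin = Read-Host -AsSecureString -Prompt 'Startup PIN'
    Enable-BitLocker -MountPoint $mount -TpmAndPinProtector -Pin $pin `
        -EncryptionMethod XtsAes256 -UsedSpaceOnly
}
```

On a volume that is already encrypted, the script only reports and escrows the recovery password; it does not change the existing startup protector.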