It's foolish to prefer a password since a PIN means better security since it works together with the TPM.
Passwords can be brute forced, PINs not, since the TPM locks out after 32 attempts.
See my article for automation scripts: Easiest way (which does not require setting up another password):
https://www.experts-exchange.com/articles/33771/We-have-bitlocker-so-we-need-MBAM-too.html
Bitlocker can't use Strong password, standard user can't turn it on
Eaven HUANG
2,181
Reputation points
Dear experts,
We are exploring the possibility to enable bitlocker for our domain machines and save the key to local AD. The issues we are facing are:
In Win11 we are testing, we don't have the password option for users to set strong password, instead there is a pin option but we prefer password if possible?
Non-admin users are access-denied to turn Bitlocker on, is there any way that we can allow them to set up their own password?
Is there any policy or method that we can enforce our domain users to use BitLocker?
Thanks a lot.
1 answer
Sort by: Most helpful
-
Bagitman 586 Reputation points
2022-10-01T09:11:46.85+00:00