In my previous guide, we saw how to enable BitLocker on a Windows 11 operating system drive. By default, a BitLocker-protected operating system drive does not ask for any PIN at startup. If you want to increase the security of your encrypted drive, you can enable a BitLocker PIN at startup in Windows 11.
After you add a PIN to the BitLocker OS drive, the PIN is requested every time you start the system, before you reach the boot screen. Once you enter the correct PIN, the drive is unlocked and you can proceed to log in.
A typical BitLocker PIN can be 6-20 digits long. Note that this PIN is different from the user account PIN. You cannot use the BitLocker PIN to unlock your user account profile, and you cannot use the user account PIN to unlock the BitLocker drive, as these are different entities.
Here’s how you can enable the BitLocker PIN in Windows 11.
Enable BitLocker PIN in Windows 11
Manual steps
1. Open GPO Editor by running gpedit.msc in Windows client edition and by using the gpmc.msc command in Windows Server.
2. Next, in the GPO Editor window, navigate here:
Computer configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
3. In the right pane of Operating System Drives, locate the policy setting named Require additional authentication at startup. By default, this policy is set to Not configured. You can double click on the policy setting to modify it.
4. In the policy configuration window, select Enabled. Under Options, uncheck Allow BitLocker without a compatible TPM. Leave the rest of the options at their defaults. Click Apply, followed by OK.
5. Press the Windows + R keys, type gpupdate /force and press Enter. This updates the computer policy within a few moments.
6. Right click on your BitLocker encrypted operating system drive and select Show more options, then select Manage BitLocker. In the next window, click on Change how drive is unlocked at startup.
7. Under Choose how to unlock your drive at startup, click Enter a PIN (recommended).
8. Next, type a BitLocker PIN, which can be 6-20 digits long. Finally, click on Set PIN.
Your BitLocker drive PIN is now added. It will be asked for at every startup of your Windows 11 system.
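The same change can be verified and applied from an elevated PowerShell prompt. This is an added example, not part of the original guide; it assumes the policy from steps 1-5 has been written to the BitLocker (FVE) policy registry key and that the OS drive is already BitLocker-encrypted.

```powershell
#Requires -RunAsAdministrator
# Added example: confirm the startup-authentication policy, then add a TPM+PIN protector.
# Assumption: the OS drive is already encrypted with BitLocker (TPM-only protector).
$mount  = $env:SystemDrive                          # OS drive, normally C:
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # where the GPO setting is stored

function Test-StartupPinPolicy {
    param([string]$Path = $fveKey)
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    # UseAdvancedStartup = 1 means "Require additional authentication at startup" is Enabled
    if (-not $p -or $p.UseAdvancedStartup -ne 1) { return $false }
    # UseTPMPIN: 0 = do not allow, 1 = require, 2 = allow
    return ($p.UseTPMPIN -in 1, 2)
}

if (-not (Test-StartupPinPolicy)) {
    throw "Policy 'Require additional authentication at startup' is not enabled, or it does not permit a startup PIN. Run gpupdate /force after configuring it."
}

$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.ProtectionStatus -ne 'On') {
    throw "BitLocker protection is not on for $mount. Enable BitLocker first."
}

# Nothing to do if a TPM+PIN protector is already present
if ($vol.KeyProtector.KeyProtectorType -contains 'TpmPin') {
    Write-Output "$mount already has a TPM+PIN protector."
    return
}

$pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN (6-20 digits)'

# Check the PIN against the 6-20 digit rule from the guide before handing it to BitLocker
$plain = [System.Net.NetworkCredential]::new('', $pin).Password
$valid = $plain -match '^\d{6,20}$'
$plain = $null
if (-not $valid) { throw 'PIN must be 6-20 digits.' }

Add-BitLockerKeyProtector -MountPoint $mount -Pin $pin -TpmAndPinProtector | Out-Null

# Show the protectors now on the volume; expect TpmPin alongside the recovery password
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

Keep the recovery password backed up before running this, since a forgotten PIN can only be bypassed with the recovery key.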
That’s it!
5 Comments
How to change PIN to password?
I have Windows 10 Pro, am comfortable with BitLocker, policies, etc. BUT, I have a new laptop, with WINDOWS 11 HOME. It has MICROSOFT ENCRYPTION on it, which, per the group policies, and manage-bde, are essentially BitLocker encryption. The same policies exist.
I would LIKE to have this WINDOWS 11 HOME machine, REQUIRE the Bitlocker-unlock-pin screen, at machine startup. I see the group policy for this, but on right clicking the C: drive, the bitlocker options do not show up.
IS THERE ANY way in gpedit.msc, and/or manage-bde, to force BitLocker to ask for a PIN, at startup (machine has TPM), and to also allow me to set the PIN for this (I understand this PIN is different than the username/pin/password login)?
any feedback appreciated
thanks
nick
^^ Windows 11 Home doesn’t support BitLocker officially. That’s why you don’t have options to manage it even with Group Policy. You need at least Pro edition for managing BitLocker feature. Although, in Windows 11 Home, you can instead use Device Encryption, if supported: https://www.kapilarya.com/enable-or-disable-device-encryption-in-windows-11.
Thank you so much this worked. Now the NSA will have a fun time figuring it out if I get stopped for no reason.
^^ Glad it worked 😎