Privacy and Security Change how BitLocker Unlocks OS Drive at Startup in Windows 11


  • Staff
BitLocker_OS_banner.png

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you'll need a special BitLocker recovery key to unlock it.

BitLocker will automatically unlock a OS drive encrypted by BitLocker with TPM at startup by default in Windows 11.

You can enable the Require additional authentication at startup policy to allow BitLocker to unlock the operating system drive with a PIN or USB flash drive.

This tutorial will show you how to choose how to unlock your operating system drive at startup with a PIN, USB flash drive, or automatically with TPM in Windows 11.


You must be signed in as an administrator to change how the OS drive is unlocked at startup by BitLocker.



Contents

  • Option One: Change BitLocker to Unlock OS drive at Startup Automatically with TPM
  • Option Two: Change BitLocker to Unlock OS drive at Startup with PIN
  • Option Three: Change BitLocker to Unlock OS drive at Startup with USB flash drive




Option One

Change BitLocker to Unlock OS drive at Startup Automatically with TPM


This is the default setting.


1 Open the Control Panel (icons view), and click/tap on the BitLocker Drive Encryption icon.

2 Click/tap on Change how drive is unlocked at startup for the Operating system drive you want. (see screenshot below)

Unlock_BitLocker_OS_drive_automatically_at_startup-1.png

3 Click/tap on Let BitLocker automatically unlock my drive. (see screenshot below)

The option you are currently using will be grayed out.


Unlock_BitLocker_OS_drive_automatically_at_startup-2.png

4 Click/tap on Finish. (see screenshot below)

Unlock_BitLocker_OS_drive_automatically_at_startup-3.png

5 You can now close the Control Panel if you like.




Option Two

Change BitLocker to Unlock OS drive at Startup with PIN


1 Open the Control Panel (icons view), and click/tap on the BitLocker Drive Encryption icon.

2 Click/tap on Change how drive is unlocked at startup for the Operating system drive you want. (see screenshot below)

Unlock_BitLocker_OS_drive_with_PIN_at_startup-1.png

3 Click/tap on Enter a PIN (recommended). (see screenshot below)

The option you are currently using will be grayed out.


Unlock_BitLocker_OS_drive_with_PIN_at_startup-2.png

4 Enter a PIN, Reenter PIN, and click/tap on Set PIN. (see screenshot below)

The PIN is required to be 6-20 numbers long.


Unlock_BitLocker_OS_drive_with_PIN_at_startup-3.png

5 You can now close the Control Panel if you like.




Option Three

Change BitLocker to Unlock OS drive at Startup with USB flash drive


1 Connect the USB flash drive you want to use to unlock the OS drive at startup.

2 Open the Control Panel (icons view), and click/tap on the BitLocker Drive Encryption icon.

3 Click/tap on Change how drive is unlocked at startup for the Operating system drive you want. (see screenshot below)

Unlock_BitLocker_OS_drive_with_USB_at_startup-1.png

4 Click/tap on Insert a USB flash drive. (see screenshot below)

The option you are currently using will be grayed out.


Unlock_BitLocker_OS_drive_with_USB_at_startup-2.png

5 Select the USB flash drive, and click/tap on Save. (see screenshot below)

This will not format the USB, so you will not lose anything currently on the USB.

This will save the BitLocker startup key for the OS drive to the USB so it can be used to unlock the OS drive at startup.


Unlock_BitLocker_OS_drive_with_USB_at_startup-3.png

6 You can now close the Control Panel if you like.


That's it,
Shawn Brink


 

Attachments

  • BitLocker_OS.png
    BitLocker_OS.png
    7.1 KB · Views: 30
Last edited:
Top Bottom