Privacy and Security Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Windows 11


BitLocker_OS_banner.png

This tutorial will show you how to enable or disable BitLocker to unlock the operating system drive at startup with a PIN or USB flash drive in Windows 10 and Windows 11.

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you'll need a special BitLocker recovery key to unlock it.

BitLocker will automatically unlock a OS drive encrypted by BitLocker with TPM at startup by default in Windows 11.

You can enable the Require additional authentication at startup policy to allow BitLocker to unlock the operating system drive with a PIN or USB flash drive.


You must be signed in as an administrator to enable or disable BitLocker to unlock the OS drive at startup with PIN and USB.

If you disable BitLocker to unlock the OS drive at startup with a PIN or USB when the OS drive is already set to unlock at startup with a PIN or USB, you will still be able to continue to unlock the OS drive at startup with the PIN or USB until you change to let BitLocker automatically unlock the OS drive with TPM.

If you Enable BitLocker to unlock the OS drive at startup with a PIN or USB, it will add Change how drive is unlocked at startup to BitLocker Manager operating System drive settings in Control Panel > BitLocker Drive Encryption.



Contents

  • Option One: Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Local Group Policy Editor
  • Option Two: Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB using REG file


EXAMPLE: Change how drive is unlocked at startup

Choose_how_to_unlock_your_drive_at_startup-1.png
Choose_how_to_unlock_your_drive_at_startup-2.png





Option One

Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Two.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

BitLocker_OS_gpedit-1.png

3 In the right pane of Operating System Drives in the Local Group Policy Editor, double click/tap on the Require additional authentication at startup policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.

5 Enable BitLocker to Unlock OS drive at Startup with PIN and USBs

A) Select (dot) Enabled. (see screenshot below)​

B) Uncheck the Allow BitLocker without a compatible TPM box under Options, and click/tap on OK.​

C) Leave all settings under Options set to the default Allow.​

D) Click/tap on OK, and go to step 7 below.​

BitLocker_OS_gpedit-2.png

6 Disable BitLocker to Unlock OS drive at Startup with PIN and USB

This is the default setting.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

BitLocker_OS_gpedit-3.png

7 You can now close the Local Group Policy Editor if you like.




Option Two

Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB using REG file


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.

2 Enable BitLocker to Unlock OS drive at Startup with PIN and USB

A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Enable_BitLocker_unlock_OS_drive_at_startup_with_PIN_and_USB.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000000
"UseTPM"=dword:00000002
"UseTPMPIN"=dword:00000002
"UseTPMKey"=dword:00000002
"UseTPMKeyPIN"=dword:00000002

3 Disable BitLocker to Unlock OS drive at Startup with PIN and USB

This is the default setting.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Disable_BitLocker_unlock_OS_drive_at_startup_with_PIN_and_USB.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=-
"EnableBDEWithNoTPM"=-
"UseTPM"=-
"UseTPMPIN"=-
"UseTPMKey"=-
"UseTPMKeyPIN"=-

4 Save the .reg file to your desktop.

5 Double click/tap on the downloaded .reg file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

Last edited:
ok, long hiatus, i got windows 11 homne and now have 24H2.
I added the registry key, but WHAT TO DO NEXT? (I have windows 11 pro, and use bitlocker, familiar with interface).
right clicking on the C: drive does not give any options for adding/changing a bitlocker PIN, so just having the registry entries does not help.
NOTE, i did NOT reboot system after adding the key, should i reboot, and will i then get the "manage bitlocker" options? any feedback is appreciated. I don't want to create a brick out of my 4-month old notebook. thanks

EDIT - ALSO, do i have to be in a microsoft account to activate it (I am logged in with LOCAL account), and then also to use it? (a deal breaker, since i can use bitlocker with PRO, as local account)
 

My Computer

System One

  • OS
    windows 11
ok, long hiatus, i got windows 11 homne and now have 24H2.
I added the registry key, but WHAT TO DO NEXT? (I have windows 11 pro, and use bitlocker, familiar with interface).
right clicking on the C: drive does not give any options for adding/changing a bitlocker PIN, so just having the registry entries does not help.
NOTE, i did NOT reboot system after adding the key, should i reboot, and will i then get the "manage bitlocker" options? any feedback is appreciated. I don't want to create a brick out of my 4-month old notebook. thanks

Hello, :alien:

This policy enables the ability to unlock the OS drive with a PIN or USB.

Once this policy is enabled, it will add Change how drive is unlocked at startup to BitLocker Manager operating System drive settings in Control Panel > BitLocker Drive Encryption.

This is where you can enable it.

 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
so, to confirm - all i hvae to do is add the registry keys, and then go to the control panel (usually those optoins showed up on right click of the drive), do i hvae to reboot, can i be in local account? any feedback appreciated.
 

My Computer

System One

  • OS
    windows 11
so, to confirm - all i hvae to do is add the registry keys, and then go to the control panel (usually those optoins showed up on right click of the drive), do i hvae to reboot, can i be in local account? any feedback appreciated.
Once enabled, you'll be able to use an option in the tutorial below to change to use a PIN or USB to unlock the BitLocker OS drive with at startup.

 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
not working.
local account (administrator account),i added the registry file.
i rebooted.
i still only see option to back up the recovery key. i do not get the options to change the pin, login method, etc.
see attached
319.webp
 

My Computer

System One

  • OS
    windows 11
not working.
local account (administrator account),i added the registry file.
i rebooted.
i still only see option to back up the recovery key. i do not get the options to change the pin, login method, etc.
see attached
View attachment 118482

Looks like you have "Device Encryption" instead of the full "BitLocker".
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
i thought 24H2 was providing the bitlocker options? is it not doing so? do i need to upgrade to PRO to get bitlocker?
i just did another update patch to 24h2, and restarted, and even logged on with microsoft account, but still no addition of options
 

My Computer

System One

  • OS
    windows 11
i thought 24H2 was providing the bitlocker options? is it not doing so? do i need to upgrade to PRO to get bitlocker?
i just did another update patch to 24h2, and restarted, and even logged on with microsoft account, but still no addition of options

Correct. You need Pro for the full BitLocker instead of just Device Encryption.


 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
that makes no sense. if the registry stuff supposedly was to enable bitlocker, and they are indicating that we HAVE bitlocker, with 24H2, then it is bizarre that it does not activate it, as these registry settings are the same as Win 11 PRO for the "FVE" (my other computer has that).
I give up. i purchased win 11 pro, but it is frustrating that the 24H2 is not providing it, despite claims that it is. any other feedback is appreciated, and i appreciate your tutoriials, they were easy to follow. they just did not turn on hte options, on my machine
 

My Computer

System One

  • OS
    windows 11
Hello Shawn,

I cannot do this and would really appreciate your help. I have posted my issue here which fully explains my problem

Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Windows 11

Hello and welcome. :alien:

Luckily, I also have a Surface Laptop 7 Copilot+ PC. I'm going to be tied up for most of the day today, but I'll do some testing later and post back.

EDIT:

Using step 2 in option 2, this is what I get for now on this specific laptop. No PIN option.

USB.webp
 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
just an observation
i had a samsung tablet.
it had a bios-based keyboard on-screen. i had bitlocker on that. THAT keyboard was able to enter the bitlocker codes.
BUT, from prior bitlocker discussions, if the keyboard can't come up at power-up, when bitlocker needs its codes, then either a usb plug-in keyboard is probably needed, or it may not be able to be done.
I had looked at getting a BLUETOOTH keybard for my new desktop, Same issue came up, the BLUETOOTH only is available after windows boot-up, so it was not able to be used.
so i got a logitech with usb unifying receiver. the usb connects at power-up, so i am able to enter the bitlocker key
 

My Computer

System One

  • OS
    windows 11
Hello and welcome. :alien:

Luckily, I also have a Surface Laptop 7 Copilot+ PC. I'm going to be tied up for most of the day today, but I'll do some testing later and post back.

EDIT:

Using step 2 in option 2, this is what I get for now on this specific laptop. No PIN option.

View attachment 119714

Thanks Shawn. Look forward to hearing from you. I do hope you are able to resolve this. And yes your surface laptop 7 looks to have exactly the same specs as mine.
 

My Computer

System One

  • OS
    windows 11
    Computer type
    Laptop
Thanks Shawn. Look forward to hearing from you. I do hope you are able to resolve this. And yes your surface laptop 7 looks to have exactly the same specs as mine.

Unlock with USB was the only extra option it would give me. Doesn't look like it's going to all unlock with PIN.

Were you able to use step 2 in option two to enable the policy to allow unlock with USB if wanted?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Unlock with USB was the only extra option it would give me. Doesn't look like it's going to all unlock with PIN.

Were you able to use step 2 in option two to enable the policy to allow unlock with USB if wanted?
Hello Shawn,

I don't want to do anything that leaves me in a situation where I cannot boot up my new Surface PC. I don't have sufficient expertise to get out of that situation but you would ;-) .

You can display the option to set a PIN in the following way.

1. Enable the GPO “Enable use of Bitlocker authentication requiring preboot keyboard input on slates”.
2. Enable the GPO "Require Additional Information at Startup" and uncheck the "Allow Bitlocker without a compatible PIN..." Leave all other options as they are.
3. Run "gpupdate /force"
4. You will then see the following. Can you then reboot and see if you are a) prompted for the Bitlocker PIN screen and b) if you can use the Surface's keyboard to enter it?

Many thanks.

1734578713917.webp





 
Last edited:

My Computer

System One

  • OS
    windows 11
    Computer type
    Laptop
@BirendraN,

This error message indicates that BitLocker is unable to detect a keyboard during the pre-boot process, which is required to enter the authentication PIN.

Touchscreens are not allowed for this, so a keyboard must be used.

You can check your UEFI settings to see if one may have been set to disable the keyboard at boot. I'll check mine now to see if I see one for this since we have the same laptop. Will report back. There's not a setting for this.

In addition, check for updates to make sure the firmware is up to date.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Hello Shawn,

I don't want to do anything that leaves me in a situation where I cannot boot up my new Surface PC. I don't have sufficient expertise to get out of that situation but you would ;-) .

You can display the option to set a PIN in the following way.

1. Enable the GPO “Enable use of Bitlocker authentication requiring preboot keyboard input on slates”.
2. Enable the GPO "Require Additional Information at Startup" and uncheck the "Allow Bitlocker without a compatible PIN..." Leave all other options as they are.
3. Run "gpupdate /force"
4. You will then see the following. Can you then reboot and see if you are a) prompted for the Bitlocker PIN screen and b) if you can use the Surface's keyboard to enter it?

Many thanks.

View attachment 119761

I don't have the option to unlock with PIN available when the GPO is enabled.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
I don't have the option to unlock with PIN available when the GPO is enabled.
My PC is fully up to date.
So just to be clear, when you edit both GPOs in my previous post you do not see the same result (ability to set a PIN) as I do?
Also, could you run System Information and look for "Platform Role" please, does it say "Slate"?
 

My Computer

System One

  • OS
    windows 11
    Computer type
    Laptop
My PC is fully up to date.
So just to be clear, when you edit both GPOs in my previous post you do not see the same result (ability to set a PIN) as I do?
Also, could you run System Information and look for "Platform Role" please, does it say "Slate"?

Correct. I only have the USB option, and no PIN.

It does say Slate.

usb-webp.119714
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender

Latest Support Threads

Back
Top Bottom