Win11 no password option for Bitlocker setup

Gary998812

New member
Local time
8:17 PM
Posts
16
I've assembled a new PC (Ryzen 3900X, MSI X570, NVMe SSD, Windows 11 Pro) and am trying to enable Bitlocker with a startup password. There's no TPM, and I'm bypassing the TPM requirement via the gpedit settings suggested here (I've also tried several variations): Windows BitLocker not offering unlock-by-password option. This approach has worked on my previous (Windows 10 Pro) computers.

When I try to turn on Bitlocker, the configuration checks out ok but there's no startup-password option, only a PIN option. I've enabled enhanced PINs, but I'd still prefer to have the password option (which allows longer character sequences than the PINs). Any guess why that isn't showing up?
 

My Computer

System One

  • Operating System
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
8:17 PM
Posts
891
Location
Virginia
1) I'd be shocked if that board doesn't have built in TPM (firmware TPM).
2) What specific board do you have? Link to it would help tremendously.
3) Why specifically are you trying to turn on/use BitLocker? On what drive? That answer(s) will influence the route taken (or not needed).
 

My Computers

System One System Two

  • Operating System
    Windows 11 Pro 21H2 (22000.318)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    100mb
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
8:17 PM
Posts
16
Thanks, you're correct--I hadn't realized there's a FTPM setting. So I'll either try enabling that, or just settle for the PIN.
So far I've only got the one drive (boot/system), but I'll be adding three data drives later. I just have a default policy of encrypting all my devices.
 

My Computer

System One

  • Operating System
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
8:17 PM
Posts
891
Location
Virginia
Thanks, you're correct--I hadn't realized there's a FTPM setting. So I'll either try enabling that, or just settle for the PIN.
So far I've only got the one drive (boot/system), but I'll be adding three data drives later. I just have a default policy of encrypting all my devices.

You've not answered question #3. That would give an idea of what you mean by "I'll either try enabling that, or just settle for the PIN."

As a BitLocker user myself, I'm confused by what you mean? And enabling TPM doesn't require BitLocker at all.
 

My Computers

System One System Two

  • Operating System
    Windows 11 Pro 21H2 (22000.318)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    100mb
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
8:17 PM
Posts
16
Sorry, what I meant was: I like to encrypt all my devices for my security/privacy in the unlikely event that they're lost or stolen. I was thinking that perhaps enabling TPM would then let me use Bitlocker with a password option as I'm accustomed to. Or I could just use Bitlocker as I've already set it up, with an enhanced PIN. I don't much care about the TPM either way, except to the extent that it might affect my Bitlocker options.
 

My Computer

System One

  • Operating System
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
8:17 PM
Posts
891
Location
Virginia
Sorry, what I meant was: I like to encrypt all my devices for my security/privacy in the unlikely event that they're lost or stolen. I was thinking that perhaps enabling TPM would then let me use Bitlocker with a password option as I'm accustomed to. Or I could just use Bitlocker as I've already set it up, with an enhanced PIN. I don't much care about the TPM either way, except to the extent that it might affect my Bitlocker options.
OK, let me try to answer this way in keeping things simple (and assuming the drives were not encrypted before the new build).

You can only enable/setup BitLocker when the OS is up and running. And if you choose enable BitLocker on an OS drive, there is no pin or password option, only a 48-digit key option in which you have to option to save to your Microsoft account, or anywhere else except the drive being encrypted. That once the OS drive is encrypted the key will be embedded in the BIOS so whenever the OS is restarted the drive will unlock automatically - no need to supply a key. However, if you do a BIOS update or make certain hardware changes, BitLocker may (will) ask for your key to insure you're the owner and that the changes weren't some attempt to backdoor it. For this reason, it's a good idea to have your keys available during any BIOS updates or hardware changes.

With Non-OS drives, you can choose to use a password or pin to unlock the drive when setting up BitLocker instead of an also supplied 48-digit key. When encrypting a non-OS drive, you'll have the option to allow the PC to automatically unlock those drives when the PC boots, or be required to provide the password each time the system boots. (I'd suggest auto unlock, but that's me).


Transfer of already BitLockered drives:

For the OS drive (in keeping things simple) transfer to a new system requires BitLocker to be removed as the 48-digit key is married to the board/TPM chip the drive was encrypted one. For non-OS drives using BitLocker, you can move them around since they aren't married to the system they were encrypted on. Here you'll just need your password (or key) to unlock the drive on the new system.

So, if the drives were encrypted (BitLocker) before being moved to a new system, that's one thing as explained. If the drives are going to be encrypted "after" the OS is installed that's another thing.

Also, though there is a procedure to BitLocker drives with put TPM, it would be a lot simpler to just enable TPM and follow the BitLocker procedure once the app is started. However, as stated (FYI), enabling TPM does NOT require BitLocker.

Hope this helps/clarifies :)

 
Last edited:

My Computers

System One System Two

  • Operating System
    Windows 11 Pro 21H2 (22000.318)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    100mb
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
8:17 PM
Posts
16
I appreciate your taking the time to address my questions--sorry for any lack of clarity. My data drives were previously Bitlocker-encrypted, but have been decrypted in preparation for the transfer to the new computer. The system drive (the only one present in the new computer so far) has a clean install of Win11 Pro, so no prior encryption.

When I've previously Bitlocker-encrypted my system and data drives on other computers, I had no TPM and instead set up a boot-time password. If I enable TPM on my new computer and then turn on Bitlocker, I understand that by default I won't be prompted to set up a password or PIN, but with gpedit I can change the policy to so that I will be prompted for one (thus creating a two-factor authentication to be used at boot time), correct? I want to set up a PIN (or preferably, a password) even if I enable TPM, because otherwise if my whole computer were to be stolen (not just the drive), it would boot up without requiring credentials (except of course for Windows account logins), correct?

So I'm already close to what I want, but ideally I'd be able to set up a Bitlocker password (rather than PIN), either with or without enabling TPM (I don't care much either way).
 

My Computer

System One

  • Operating System
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
8:17 PM
Posts
891
Location
Virginia
I appreciate your taking the time to address my questions--sorry for any lack of clarity. My data drives were previously Bitlocker-encrypted, but have been decrypted in preparation for the transfer to the new computer. The system drive (the only one present in the new computer so far) has a clean install of Win11 Pro, so no prior encryption.

Then use this tutorial for encrypting your OS drive...

And this one for your data...
 

My Computers

System One System Two

  • Operating System
    Windows 11 Pro 21H2 (22000.318)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    100mb
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
8:17 PM
Posts
16
Thanks, I was already doing all that. The OS-drive tutorial only mentions Bitlocker's PIN and USB-drive options (which is what I'm getting), but not the password option (which was previously available when I used Bitlocker on Windows 10 computers, and which I've enabled in my new computer in gpedit, in accordance with the instructions in the link in my initial post, but it's still not showing up).
 

My Computer

System One

  • Operating System
    Windows 11 Pro
Top Bottom