Win11 no password option for Bitlocker setup

Gary998812

New member
Local time
9:40 AM
Posts
18
OS
Windows 11 Pro
I've assembled a new PC (Ryzen 3900X, MSI X570, NVMe SSD, Windows 11 Pro) and am trying to enable Bitlocker with a startup password. There's no TPM, and I'm bypassing the TPM requirement via the gpedit settings suggested here (I've also tried several variations): Windows BitLocker not offering unlock-by-password option. This approach has worked on my previous (Windows 10 Pro) computers.

When I try to turn on Bitlocker, the configuration checks out ok but there's no startup-password option, only a PIN option. I've enabled enhanced PINs, but I'd still prefer to have the password option (which allows longer character sequences than the PINs). Any guess why that isn't showing up?
 

My Computer

System One

  • OS
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
9:40 AM
Posts
1,153
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.348)
1) I'd be shocked if that board doesn't have built in TPM (firmware TPM).
2) What specific board do you have? Link to it would help tremendously.
3) Why specifically are you trying to turn on/use BitLocker? On what drive? That answer(s) will influence the route taken (or not needed).
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.348)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    180mb upload. 11mb Download
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
9:40 AM
Posts
18
OS
Windows 11 Pro
Thanks, you're correct--I hadn't realized there's a FTPM setting. So I'll either try enabling that, or just settle for the PIN.
So far I've only got the one drive (boot/system), but I'll be adding three data drives later. I just have a default policy of encrypting all my devices.
 

My Computer

System One

  • OS
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
9:40 AM
Posts
1,153
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.348)
Thanks, you're correct--I hadn't realized there's a FTPM setting. So I'll either try enabling that, or just settle for the PIN.
So far I've only got the one drive (boot/system), but I'll be adding three data drives later. I just have a default policy of encrypting all my devices.

You've not answered question #3. That would give an idea of what you mean by "I'll either try enabling that, or just settle for the PIN."

As a BitLocker user myself, I'm confused by what you mean? And enabling TPM doesn't require BitLocker at all.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.348)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    180mb upload. 11mb Download
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
9:40 AM
Posts
18
OS
Windows 11 Pro
Sorry, what I meant was: I like to encrypt all my devices for my security/privacy in the unlikely event that they're lost or stolen. I was thinking that perhaps enabling TPM would then let me use Bitlocker with a password option as I'm accustomed to. Or I could just use Bitlocker as I've already set it up, with an enhanced PIN. I don't much care about the TPM either way, except to the extent that it might affect my Bitlocker options.
 

My Computer

System One

  • OS
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
9:40 AM
Posts
1,153
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.348)
Sorry, what I meant was: I like to encrypt all my devices for my security/privacy in the unlikely event that they're lost or stolen. I was thinking that perhaps enabling TPM would then let me use Bitlocker with a password option as I'm accustomed to. Or I could just use Bitlocker as I've already set it up, with an enhanced PIN. I don't much care about the TPM either way, except to the extent that it might affect my Bitlocker options.
OK, let me try to answer this way in keeping things simple (and assuming the drives were not encrypted before the new build).

You can only enable/setup BitLocker when the OS is up and running. And if you choose enable BitLocker on an OS drive, there is no pin or password option, only a 48-digit key option in which you have to option to save to your Microsoft account, or anywhere else except the drive being encrypted. That once the OS drive is encrypted the key will be embedded in the BIOS so whenever the OS is restarted the drive will unlock automatically - no need to supply a key. However, if you do a BIOS update or make certain hardware changes, BitLocker may (will) ask for your key to insure you're the owner and that the changes weren't some attempt to backdoor it. For this reason, it's a good idea to have your keys available during any BIOS updates or hardware changes.

With Non-OS drives, you can choose to use a password or pin to unlock the drive when setting up BitLocker instead of an also supplied 48-digit key. When encrypting a non-OS drive, you'll have the option to allow the PC to automatically unlock those drives when the PC boots, or be required to provide the password each time the system boots. (I'd suggest auto unlock, but that's me).


Transfer of already BitLockered drives:

For the OS drive (in keeping things simple) transfer to a new system requires BitLocker to be removed as the 48-digit key is married to the board/TPM chip the drive was encrypted one. For non-OS drives using BitLocker, you can move them around since they aren't married to the system they were encrypted on. Here you'll just need your password (or key) to unlock the drive on the new system.

So, if the drives were encrypted (BitLocker) before being moved to a new system, that's one thing as explained. If the drives are going to be encrypted "after" the OS is installed that's another thing.

Also, though there is a procedure to BitLocker drives with put TPM, it would be a lot simpler to just enable TPM and follow the BitLocker procedure once the app is started. However, as stated (FYI), enabling TPM does NOT require BitLocker.

Hope this helps/clarifies :)

 
Last edited:

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.348)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    180mb upload. 11mb Download
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
9:40 AM
Posts
18
OS
Windows 11 Pro
I appreciate your taking the time to address my questions--sorry for any lack of clarity. My data drives were previously Bitlocker-encrypted, but have been decrypted in preparation for the transfer to the new computer. The system drive (the only one present in the new computer so far) has a clean install of Win11 Pro, so no prior encryption.

When I've previously Bitlocker-encrypted my system and data drives on other computers, I had no TPM and instead set up a boot-time password. If I enable TPM on my new computer and then turn on Bitlocker, I understand that by default I won't be prompted to set up a password or PIN, but with gpedit I can change the policy to so that I will be prompted for one (thus creating a two-factor authentication to be used at boot time), correct? I want to set up a PIN (or preferably, a password) even if I enable TPM, because otherwise if my whole computer were to be stolen (not just the drive), it would boot up without requiring credentials (except of course for Windows account logins), correct?

So I'm already close to what I want, but ideally I'd be able to set up a Bitlocker password (rather than PIN), either with or without enabling TPM (I don't care much either way).
 

My Computer

System One

  • OS
    Windows 11 Pro

Dru2

Well-known member
Power User
VIP
Local time
9:40 AM
Posts
1,153
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.348)
I appreciate your taking the time to address my questions--sorry for any lack of clarity. My data drives were previously Bitlocker-encrypted, but have been decrypted in preparation for the transfer to the new computer. The system drive (the only one present in the new computer so far) has a clean install of Win11 Pro, so no prior encryption.

Then use this tutorial for encrypting your OS drive...

And this one for your data...
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.348)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    180mb upload. 11mb Download
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Gary998812

New member
Thread Starter
Local time
9:40 AM
Posts
18
OS
Windows 11 Pro
Thanks, I was already doing all that. The OS-drive tutorial only mentions Bitlocker's PIN and USB-drive options (which is what I'm getting), but not the password option (which was previously available when I used Bitlocker on Windows 10 computers, and which I've enabled in my new computer in gpedit, in accordance with the instructions in the link in my initial post, but it's still not showing up).
 

My Computer

System One

  • OS
    Windows 11 Pro

Hollywood

Member
Local time
6:40 AM
Posts
30
OS
Windows 11
I just activated BitLocker on the C drive of my primary computer. It works seamless.

I also have 2 other computers that do not have TPM. My understanding is that you can save the key file to a flash drive and that the computer would not ask for a BitLocker password when you start your computer.

My question is if someone has access to the flash drive and the hard drive (and/or computer), can they gain access to the encrypted drive if they do not know the Windows logon password (with just the flash drive)?

Thanks!
 

My Computer

System One

  • OS
    Windows 11

Gary998812

New member
Thread Starter
Local time
9:40 AM
Posts
18
OS
Windows 11 Pro
I just activated BitLocker on the C drive of my primary computer. It works seamless.

I also have 2 other computers that do not have TPM. My understanding is that you can save the key file to a flash drive and that the computer would not ask for a BitLocker password when you start your computer.

My question is if someone has access to the flash drive and the hard drive (and/or computer), can they gain access to the encrypted drive if they do not know the Windows logon password (with just the flash drive)?

Thanks!
Your Bitlocker question seems unrelated to the topic of this thread. It would be helpful if you started your own thread for your question, so that people who are receiving notifications for this thread don't start getting notified of answers to your unrelated question. Thanks!
 

My Computer

System One

  • OS
    Windows 11 Pro

Hollywood

Member
Local time
6:40 AM
Posts
30
OS
Windows 11
Your Bitlocker question seems unrelated to the topic of this thread. It would be helpful if you started your own thread for your question, so that people who are receiving notifications for this thread don't start getting notified of answers to your unrelated question. Thanks!
I in good faith asked a related question about BitLocker without TPM which this thread is about. I apologize if I crashed your party.
 

My Computer

System One

  • OS
    Windows 11

Gary998812

New member
Thread Starter
Local time
9:40 AM
Posts
18
OS
Windows 11 Pro
The thing to always ask yourself is this: does an answer to your question help answer the original question? If not, a separate thread is called for; that's what threads are for. Again, thanks for understanding!
 

My Computer

System One

  • OS
    Windows 11 Pro

Comport Colin

New member
Local time
3:40 PM
Posts
4
OS
Win11
"ideally I'd be able to set up a Bitlocker password" - why would you want that? The PIN is more secure. Passwords can be brute-forced, PINs can't, since they are defended by TPM lockout (only 32 tries!). The PIN is by far better.
 

My Computer

System One

  • OS
    Win11

Dru2

Well-known member
Power User
VIP
Local time
9:40 AM
Posts
1,153
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.348)
"ideally I'd be able to set up a Bitlocker password" - why would you want that? The PIN is more secure. Passwords can be brute-forced, PINs can't, since they are defended by TPM lockout (only 32 tries!). The PIN is by far better.
I think some here are speaking on things they know nothing about. BitLocker is NOT a Windows log in scheme, it is a drive encryption scheme. Windows Hello has nothing to do with BitLocker. Though they both touch on TPM, that's where the distinction ends.

A BitLocker key (48 digit) for example is embedded in the TPM chip just as a 4-digit Windows Hello PIN so it is just as secure.

This info has been posted throughout these forums since Windows 11 announcement. I think some need to research before speaking on things they do not understand.
Those are just snippets of the info out there if one cares to look. Yeah, TPM ties into those, but each is its own entity with its own purpose.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.348)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 2S
    Internet Speed
    180mb upload. 11mb Download
    Browser
    Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev build 22454.1000
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

tinmar49

Active member
Member
Local time
2:40 PM
Posts
212
Location
UK
OS
W11 pro beta
I managed to get very muddled up with bitlocker and haven't yet had the nerve to reinstate it. I allowed Microsoft to keep the keys in my account which meant I could gain access and I had also written them down. One of the problems I had was in moving the SSD from one pc to another even after removing bitlocker first. At the moment I am relying on fTPM, secure boot and core isolation, plus pin and not saving any of my passwords.
 

My Computers

System One System Two

  • OS
    W11 pro beta
    Computer type
    PC/Desktop
    CPU
    Athlon 3000G
    Motherboard
    Asrock A320M-HDV r4.0
    Memory
    8Gb Crucial DDR4 2400
    Graphics Card(s)
    onboard cpu
    Sound Card
    onboard
    Monitor(s) Displays
    AOC 27
    Screen Resolution
    2560-1440
    Hard Drives
    WD black SN750 M2 500Gb
    PSU
    400W Novatech semi modular 80+bronze.
    Case
    Fractal Design Define R2
    Cooling
    front 2 x 120mm rear 100mm stock psu
    Internet Speed
    215/21
    Browser
    Firefox and edge
    Antivirus
    Windows Security and free Malwarebytes
  • Operating System
    W11 pro 64
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 3200G
    Motherboard
    MSI B450M PRO-VDH
    Memory
    2 x 8Gb Corsair Vengeance LPX 3000 DDR4
    Graphics card(s)
    onboard cpu
    Sound Card
    motherboard
    Monitor(s) Displays
    LG
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD Black M2 SN750 500Gb
    PSU
    Be Quiet 400 semi modular 80+gold
    Case
    Coolermaster Silencio 650
    Cooling
    140mm front, 120 rear Akasa Vegas Chroma AM
    Internet Speed
    21/215
    Browser
    edge/Firefox
    Antivirus
    WD plus Malwarebytes free
Top Bottom