Win11 no password option for Bitlocker setup


Gary998812

I've assembled a new PC (Ryzen 3900X, MSI X570, NVMe SSD, Windows 11 Pro) and am trying to enable Bitlocker with a startup password. There's no TPM, and I'm bypassing the TPM requirement via the gpedit settings suggested here (I've also tried several variations): Windows BitLocker not offering unlock-by-password option. This approach has worked on my previous (Windows 10 Pro) computers.

When I try to turn on Bitlocker, the configuration checks out ok but there's no startup-password option, only a PIN option. I've enabled enhanced PINs, but I'd still prefer to have the password option (which allows longer character sequences than the PINs). Any guess why that isn't showing up?
 

1) I'd be shocked if that board doesn't have built in TPM (firmware TPM).
2) What specific board do you have? Link to it would help tremendously.
3) Why specifically are you trying to turn on/use BitLocker? On what drive? That answer(s) will influence the route taken (or not needed).
 

Thanks, you're correct--I hadn't realized there's a FTPM setting. So I'll either try enabling that, or just settle for the PIN.
So far I've only got the one drive (boot/system), but I'll be adding three data drives later. I just have a default policy of encrypting all my devices.
 


You've not answered question #3. That would give an idea of what you mean by "I'll either try enabling that, or just settle for the PIN."

As a BitLocker user myself, I'm confused by what you mean? And enabling TPM doesn't require BitLocker at all.
 

Sorry, what I meant was: I like to encrypt all my devices for my security/privacy in the unlikely event that they're lost or stolen. I was thinking that perhaps enabling TPM would then let me use Bitlocker with a password option as I'm accustomed to. Or I could just use Bitlocker as I've already set it up, with an enhanced PIN. I don't much care about the TPM either way, except to the extent that it might affect my Bitlocker options.
 

OK, let me try to answer this way in keeping things simple (and assuming the drives were not encrypted before the new build).

You can only enable/set up BitLocker when the OS is up and running. And if you choose to enable BitLocker on an OS drive, there is no pin or password option, only a 48-digit key option, which you have the option to save to your Microsoft account or anywhere else except the drive being encrypted. Once the OS drive is encrypted, the key will be embedded in the BIOS, so whenever the OS is restarted the drive will unlock automatically - no need to supply a key. However, if you do a BIOS update or make certain hardware changes, BitLocker may (will) ask for your key to ensure you're the owner and that the changes weren't some attempt to backdoor it. For this reason, it's a good idea to have your keys available during any BIOS updates or hardware changes.

With Non-OS drives, you can choose to use a password or pin to unlock the drive when setting up BitLocker instead of an also supplied 48-digit key. When encrypting a non-OS drive, you'll have the option to allow the PC to automatically unlock those drives when the PC boots, or be required to provide the password each time the system boots. (I'd suggest auto unlock, but that's me).


Transfer of already BitLockered drives:

For the OS drive (in keeping things simple) transfer to a new system requires BitLocker to be removed as the 48-digit key is married to the board/TPM chip the drive was encrypted on. For non-OS drives using BitLocker, you can move them around since they aren't married to the system they were encrypted on. Here you'll just need your password (or key) to unlock the drive on the new system.

So, if the drives were encrypted (BitLocker) before being moved to a new system, that's one thing as explained. If the drives are going to be encrypted "after" the OS is installed that's another thing.

Also, though there is a procedure to BitLocker drives without TPM, it would be a lot simpler to just enable TPM and follow the BitLocker procedure once the app is started. However, as stated (FYI), enabling TPM does NOT require BitLocker.

Hope this helps/clarifies :)

 
I appreciate your taking the time to address my questions--sorry for any lack of clarity. My data drives were previously Bitlocker-encrypted, but have been decrypted in preparation for the transfer to the new computer. The system drive (the only one present in the new computer so far) has a clean install of Win11 Pro, so no prior encryption.

When I've previously Bitlocker-encrypted my system and data drives on other computers, I had no TPM and instead set up a boot-time password. If I enable TPM on my new computer and then turn on Bitlocker, I understand that by default I won't be prompted to set up a password or PIN, but with gpedit I can change the policy so that I will be prompted for one (thus creating a two-factor authentication to be used at boot time), correct? I want to set up a PIN (or preferably, a password) even if I enable TPM, because otherwise if my whole computer were to be stolen (not just the drive), it would boot up without requiring credentials (except of course for Windows account logins), correct?

So I'm already close to what I want, but ideally I'd be able to set up a Bitlocker password (rather than PIN), either with or without enabling TPM (I don't care much either way).
 


Then use this tutorial for encrypting your OS drive...

And this one for your data...
 

Thanks, I was already doing all that. The OS-drive tutorial only mentions Bitlocker's PIN and USB-drive options (which is what I'm getting), but not the password option (which was previously available when I used Bitlocker on Windows 10 computers, and which I've enabled in my new computer in gpedit, in accordance with the instructions in the link in my initial post, but it's still not showing up).
 

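For anyone comparing their own setup with the one described above, here is an added example (not posted by anyone in this thread): a read-only PowerShell check, run from an elevated prompt, that lists the Group Policy values behind "Require additional authentication at startup", the TPM state, and the key protectors on the OS volume. It assumes the built-in BitLocker and TPM cmdlets are available and that the policy was set through gpedit, which stores it under the registry key shown.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only report. It changes no policy and no key protector.

# Group Policy (gpedit) stores the BitLocker settings under this key.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # $null means the value was never written, i.e. "Not configured".
    (Get-ItemProperty -Path $fve -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Values written by "Require additional authentication at startup" (OS drives)
# and by "Allow enhanced PINs for startup".
$onOff    = @{ 0 = 'off'; 1 = 'on' }
$tristate = @{ 0 = 'do not allow'; 1 = 'require'; 2 = 'allow' }
$settings = [ordered]@{
    UseAdvancedStartup = $onOff      # the policy itself is enabled
    EnableBDEWithNoTPM = $onOff      # "Allow BitLocker without a compatible TPM"
    UseTPM             = $tristate   # TPM-only startup
    UseTPMPIN          = $tristate   # TPM + PIN
    UseTPMKey          = $tristate   # TPM + startup key on USB
    UseTPMKeyPIN       = $tristate   # TPM + startup key + PIN
    UseEnhancedPin     = $onOff      # enhanced (non-numeric) PINs
}

$policy = foreach ($name in $settings.Keys) {
    $value   = Get-FvePolicyValue -Name $name
    $shown   = '-'
    $meaning = 'not configured'
    if ($null -ne $value) {
        $shown   = $value
        $meaning = $settings[$name][[int]$value]
    }
    [pscustomobject]@{ Setting = $name; Value = $shown; Meaning = $meaning }
}

$tpm = Get-Tpm
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

# What each protector type on the OS volume means in practice.
$behaviour = @{
    Tpm              = 'TPM only: unlocks with no pre-boot prompt'
    TpmPin           = 'TPM + PIN entered before Windows starts'
    TpmStartupKey    = 'TPM + startup key on USB'
    TpmPinStartupKey = 'TPM + PIN + startup key on USB'
    Password         = 'password entered before Windows starts (no TPM)'
    ExternalKey      = 'key file on USB (startup or recovery key)'
    RecoveryPassword = '48-digit recovery password'
}
$protectors = foreach ($kp in $vol.KeyProtector) {
    $type = $kp.KeyProtectorType.ToString()
    [pscustomobject]@{ Type = $type; Meaning = $behaviour[$type] }
}

$policy     | Format-Table -AutoSize
$tpm        | Select-Object TpmPresent, TpmReady, TpmEnabled | Format-List
$vol        | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod | Format-List
$protectors | Format-Table -AutoSize
```

An unencrypted volume prints an empty protector table; a volume with only `Tpm` and `RecoveryPassword` boots without asking for anything before Windows starts.
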
I just activated BitLocker on the C drive of my primary computer. It works seamlessly.

I also have 2 other computers that do not have TPM. My understanding is that you can save the key file to a flash drive and that the computer would not ask for a BitLocker password when you start your computer.

My question is if someone has access to the flash drive and the hard drive (and/or computer), can they gain access to the encrypted drive if they do not know the Windows logon password (with just the flash drive)?

Thanks!
 

Your Bitlocker question seems unrelated to the topic of this thread. It would be helpful if you started your own thread for your question, so that people who are receiving notifications for this thread don't start getting notified of answers to your unrelated question. Thanks!
 

I in good faith asked a related question about BitLocker without TPM which this thread is about. I apologize if I crashed your party.
 

The thing to always ask yourself is this: does an answer to your question help answer the original question? If not, a separate thread is called for; that's what threads are for. Again, thanks for understanding!
 

"ideally I'd be able to set up a Bitlocker password" - why would you want that? The PIN is more secure. Passwords can be brute-forced, PINs can't, since they are defended by TPM lockout (only 32 tries!). The PIN is by far better.
 

I think some here are speaking on things they know nothing about. BitLocker is NOT a Windows log in scheme, it is a drive encryption scheme. Windows Hello has nothing to do with BitLocker. Though they both touch on TPM, that's where the distinction ends.

A BitLocker key (48 digit) for example is embedded in the TPM chip just as a 4-digit Windows Hello PIN so it is just as secure.

This info has been posted throughout these forums since Windows 11 announcement. I think some need to research before speaking on things they do not understand.
Those are just snippets of the info out there if one cares to look. Yeah, TPM ties into those, but each is its own entity with its own purpose.
 

I managed to get very muddled up with bitlocker and haven't yet had the nerve to reinstate it. I allowed Microsoft to keep the keys in my account which meant I could gain access and I had also written them down. One of the problems I had was in moving the SSD from one pc to another even after removing bitlocker first. At the moment I am relying on fTPM, secure boot and core isolation, plus pin and not saving any of my passwords.
 

I understand the author. He asks how to set a password (which can be 256 characters) instead of a 20 character pin. Unfortunately, I'm also looking, and I don't find how to enable it for my system drive. Has Microsoft removed this feature?
 

> I just activated BitLocker on the C drive of my primary computer. It works seamlessly.
>
> I also have 2 other computers that do not have TPM. My understanding is that you can save the key file to a flash drive and that the computer would not ask for a BitLocker password when you start your computer.
>
> My question is if someone has access to the flash drive and the hard drive (and/or computer), can they gain access to the encrypted drive if they do not know the Windows logon password (with just the flash drive)?
>
> Thanks!

Add a bios password as well as bitlocker pin. This makes it virtually impossible for somebody to access encrypted drive even if pc is stolen. Without bios password, somebody could bypass windows login.
 
