Windows 11 Pro - Bitlocker does not work anymore with: Password only (Do not want to use TPM+PIN)


HansFlohmann

New member
Local time
5:00 AM
Posts
4
OS
Windows 11 Pro Build: 22631
Hey,

I bought an new PC and sold my old one (destroyed my SSD). I had Windows 10 Pro before, with some policy changes I could activate Bitlocker without using TPM+Pin.

I am an private investigator and work with private personal information, so I want the data to be 100% secure. I read that TPM had exploits in the past, that is why I do not want to risk working with it. My password is in my mind and pretty long, so impossible to bruteforce.

My question:

I have Windows 11 Pro, my PC has TPM of course but I just want to activate Bitlocker with password only. How do I do that? The old method with changing policys like in the tutorials you see everywhere does not work. In some forum they said deactivating TPM in BIOS should work but is there another way maybe with command line or changin group policys?

Thanks for any help/advice.
 

My Computer

System One

  • OS
    Windows 11 Pro Build: 22631
    Computer type
    PC/Desktop
Hi, Hans. Welcome to the ElevenForums 🙏

Our tutorial writer and admin Brink, added a few Bitlocker related tutorials today. One of them is a context menu addon. In that tutorlal, it states:

When you turn on BitLocker or Device Encryption for a drive, Manage BitLocker is added to that drive's context menu. The "Manage BitLocker" context menu opens the BitLocker Drive Encryption control panel where you can manage BitLocker settings for the drive, such as: Suspend/Resume protection, Back up recovery key, Turn on/off BitLocker, Change password, Add/Remove password, Turn on/off auto-unlock, etc..

Perhaps take a look. But I know for a fact that there are some pretty switched on members that can most likely set you straight on a few things related to Bitlocker. Members will jump in when they are available.

 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build: 22631.3880
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    4 x LG 23MP75 1 x 24" LG M38H 1 x 32" LF6300 TV Monitor 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    2 x WD something Something 8TB HDD's / 2 x WD something Something 4TB HDD's / 1 x EVO 1TB SSD / 2 x QVO 1TB SSD's / 1 x EVO 250 GB SSD / 2 x QVO 1TB (External Hub) / 1 x EVO 1TB (Portable Backup Case)
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    100/40Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 22621.2215
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Graphics processor is an Intel Iris Xe
    Sound Card
    optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Other Info
    …still on a horse.
I’ll just add; I believe you can enable an enhanced PIN, which allows letters and numbers in your PIN. TPM and PIN is considered a more secure method than a password. So if allowing letters and numbers in a PIN, you could most likely use your current password. (I am uncertain about special characters)
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build: 22631.3880
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    4 x LG 23MP75 1 x 24" LG M38H 1 x 32" LF6300 TV Monitor 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    2 x WD something Something 8TB HDD's / 2 x WD something Something 4TB HDD's / 1 x EVO 1TB SSD / 2 x QVO 1TB SSD's / 1 x EVO 250 GB SSD / 2 x QVO 1TB (External Hub) / 1 x EVO 1TB (Portable Backup Case)
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    100/40Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 22621.2215
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Graphics processor is an Intel Iris Xe
    Sound Card
    optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Other Info
    …still on a horse.
Hello Hans, and welcome. :alien:

TPM is used by default for the operating system drive with BitLocker, but you can set it to use a PIN or enhanced PIN instead to unlock the OS drive at startup. The tutorials below can help show you more on how to, but please feel free to ask any questions you may have.



 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
But the enhanced PIN is using TPM, that is my issue. I want to just encrypt it with an password, like you can do it on external SSD for example.

On Windows 10 Pro you could just change the policy settings so it does not allow Bitlocker to use TPM, but changing that setting does not work anymore in Windows 11 Pro.

Hello Hans, and welcome. :alien:

TPM is used by default for the operating system drive with BitLocker, but you can set it to use a PIN or enhanced PIN instead to unlock the OS drive at startup. The tutorials below can help show you more on how to, but please feel free to ask any questions you may have.



 

My Computer

System One

  • OS
    Windows 11 Pro Build: 22631
    Computer type
    PC/Desktop
But the enhanced PIN is using TPM, that is my issue. I want to just encrypt it with an password, like you can do it on external SSD for example.

On Windows 10 Pro you could just change the policy settings so it does not allow Bitlocker to use TPM, but changing that setting does not work anymore in Windows 11 Pro.
Unfortunately, you can't use a password on the OS drive. An enhanced PIN is like using a password though.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
You can also use Bitlocker with TPM, put your more sensitive contents in another password-protected Bitlocker drive or in a password-protected Veracrypt container. Not exactly what you are asking for, but possibly all you can get.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex Micro 5000
    CPU
    Intel Core i5-12500T
    Memory
    2 x 8GB DDR4 SO-DIMM 3200

Latest Support Threads

Back
Top Bottom