Change how BitLocker unlocks the operating system drive on startup in Windows 11/10

Windows users can enable or disable enhanced BitLocker startup PINs and can specify the minimum BitLocker startup PIN length in Windows 11 or Windows 10. In this article, we show how to choose or change how BitLocker unlocks the OS (C:) drive on startup: with a PIN, a USB key, or the TPM.

Choose how BitLocker unlocks the Windows operating system drive on startup

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threat of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers. By default in Windows 11/10, BitLocker automatically unlocks a BitLocker-encrypted OS drive with the Trusted Platform Module (TPM) on startup, but you can also enable BitLocker for Windows OS drives without a TPM.

If a potential security risk is detected during startup (for example, a BIOS firmware change), BitLocker locks the operating system drive, and you need a special BitLocker recovery key to unlock it. You can configure or change how BitLocker unlocks the operating system drive at startup in 3 ways, and we discuss each method below:

Configure how BitLocker unlocks the operating system drive at startup with a PIN

To configure or change how BitLocker unlocks the operating system drive at startup with a PIN in Windows 11/10, follow these steps:

  • Press Windows key + R to invoke the Run dialog box.
  • In the Run dialog box, type control and press Enter to open the Control Panel.
  • In the upper right corner of the window, set the View by option to Large icons or Small icons.
  • Click on BitLocker Drive Encryption.
  • Then click on Change how the drive is unlocked on startup for the operating system drive (if you have configured multiple system drives) that you want to configure.
  • In the next window, click Enter a PIN (recommended).
  • Now enter a PIN that meets the specified requirements, then enter the PIN again to confirm it.
  • Click on Set PIN.
  • Close Control Panel.

Change how BitLocker unlocks the OS drive on boot with TPM

To configure or change how BitLocker unlocks the operating system drive at startup with TPM in Windows 11/10, follow these steps:

  • Open Control Panel.
  • Click on BitLocker Drive Encryption.
  • Click on Change how the drive is unlocked on startup for the operating system drive (if you have configured multiple system drives) that you want to configure.
  • In the next window, click Let BitLocker automatically unlock my drive.
  • Click Finish.
  • Close Control Panel.

Configure how BitLocker unlocks the operating system drive on boot with a USB flash drive

To configure or change how BitLocker unlocks the operating system drive at startup with a USB flash drive in Windows 11/10, follow these steps:

  • Plug a USB drive into your system.
  • Open Control Panel.
  • Click on BitLocker Drive Encryption.
  • Click on Change how the drive is unlocked on startup for the operating system drive (if you have configured multiple system drives) that you want to configure.
  • In the next window, click Insert a USB flash drive.
  • Select the USB drive and click Save.

The flash drive will not be formatted, so you won’t lose anything currently on the USB. The BitLocker startup key for the operating system drive will be saved on the USB drive so that it can be used to unlock the operating system drive on startup.

That’s all about configuring or changing how BitLocker unlocks the operating system drive at startup in Windows 11/10!
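To confirm which of the three methods is actually in effect after following the steps above, you can read the key protectors on the OS drive. The script below is an added example, not part of the original article; the function name `Get-StartupUnlockMode` and the sample protector list are illustrative, and it assumes an elevated PowerShell session on a machine with the BitLocker module.

```powershell
# Added example: report which startup unlock method the OS drive uses.
# Run from an elevated PowerShell session.

function Get-StartupUnlockMode {
    param([string[]]$ProtectorTypes)   # KeyProtectorType names found on the volume

    # Check the most specific protector first: a PIN or startup key combined
    # with the TPM means pre-boot authentication is required.
    if ($ProtectorTypes -contains 'TpmPinStartupKey') { return 'TPM + PIN + USB startup key' }
    if ($ProtectorTypes -contains 'TpmPin')           { return 'TPM + PIN' }
    if ($ProtectorTypes -contains 'TpmStartupKey')    { return 'TPM + USB startup key' }
    if ($ProtectorTypes -contains 'Tpm')              { return 'TPM only (automatic unlock)' }
    if ($ProtectorTypes -contains 'ExternalKey')      { return 'USB startup key (no TPM)' }
    if ($ProtectorTypes -contains 'Password')         { return 'Password (no TPM)' }
    return 'No startup protector found'
}

# Constructed sample: protector set expected after completing the PIN steps.
$sample = @('RecoveryPassword', 'TpmPin')
'Sample volume : {0}' -f (Get-StartupUnlockMode -ProtectorTypes $sample)

# Live check against the real OS drive, if the BitLocker cmdlets are present.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        Drive               = $vol.MountPoint
        ProtectionStatus    = $vol.ProtectionStatus
        StartupUnlock       = Get-StartupUnlockMode -ProtectorTypes $types
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}
```

A result of `TPM only (automatic unlock)` means the drive unlocks without user input at boot; `HasRecoveryPassword` should be true before you change the unlock method, since the recovery key is what you need if BitLocker locks the drive at startup.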

How can I make BitLocker automatically unlock my drive?

You just click Turn on auto-unlock or Turn off auto-unlock, respectively. Auto-unlock also works on removable data drives. You can choose to enable automatic unlock when configuring BitLocker Drive Encryption on a data volume by checking Automatically unlock this drive on this computer in the BitLocker setup wizard.

How do I configure BitLocker to start automatically on boot?

To configure BitLocker to start automatically when you start your Windows 11/10 device, follow these steps:

  • Open the Group Policy Editor.
  • Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  • At that location, in the right pane, double-click the Require additional authentication at startup option.
  • Set the radio button to Enabled at the top of the policy properties window.
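
To check what this policy currently enforces on a machine, you can read the registry values the BitLocker policies write under `HKLM\SOFTWARE\Policies\Microsoft\FVE`. The script below is an added example, not part of the original article; the helper names `Get-FveValue` and `Format-FveOption` are illustrative, and it also reports the minimum PIN length and enhanced PIN settings mentioned at the top of this article.

```powershell
# Added example: show the effective "Require additional authentication at startup"
# policy by reading the values Group Policy writes to the registry.

$fve     = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

function Get-FveValue {
    param([string]$Name)
    # Returns $null when the value (or the whole key) is not present.
    (Get-ItemProperty -Path $fve -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Format-FveOption {
    param([string]$Name)
    $v = Get-FveValue -Name $Name
    if ($null -eq $v) { return 'Not configured' }
    if ($meaning.ContainsKey([int]$v)) { return $meaning[[int]$v] }
    return "Unexpected value $v"
}

if (-not (Test-Path $fve)) {
    'No BitLocker policy is configured on this machine (FVE policy key is absent).'
    return
}

$advanced = Get-FveValue -Name 'UseAdvancedStartup'
$noTpm    = Get-FveValue -Name 'EnableBDEWithNoTPM'
$minPin   = Get-FveValue -Name 'MinimumPIN'
$enhanced = Get-FveValue -Name 'UseEnhancedPin'

[pscustomobject]@{
    RequireAdditionalAuth  = if ($advanced -eq 1) { 'Enabled' } elseif ($advanced -eq 0) { 'Disabled' } else { 'Not configured' }
    AllowWithoutTpm        = if ($null -eq $noTpm) { 'Not configured' } else { [bool]$noTpm }
    TpmOnlyStartup         = Format-FveOption -Name 'UseTPM'
    TpmStartupPin          = Format-FveOption -Name 'UseTPMPIN'
    TpmStartupKey          = Format-FveOption -Name 'UseTPMKey'
    TpmStartupKeyAndPin    = Format-FveOption -Name 'UseTPMKeyPIN'
    MinimumPinLength       = if ($null -eq $minPin) { 'Not configured' } else { $minPin }
    EnhancedPinsAllowed    = if ($null -eq $enhanced) { 'Not configured' } else { [bool]$enhanced }
}
```

`TpmStartupPin = Require` together with `TpmOnlyStartup = Do not allow` is the combination that forces a PIN at every boot; if every option reads `Allow`, the policy permits a PIN but does not enforce one.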

Can BitLocker be enabled automatically?

Automatic BitLocker device encryption is enabled only after users sign in with a Microsoft account or an Azure Active Directory account. Automatic BitLocker Device Encryption is not enabled with local accounts, in which case BitLocker can be enabled manually using the BitLocker Control Panel.

What is BitLocker Pre-Boot Authentication?

Pre-Boot Authentication with BitLocker is a policy setting that requires user input, such as a PIN, a startup key, or both, to authenticate before the contents of the system drive are made accessible. BitLocker recovery mode can be triggered by a number of situations, including a malicious attempt by someone or by software to modify the boot environment. Rootkits are one example; another is moving the BitLocker-protected drive to a new computer.
