So from my earlier post, I chose to enable BitLocker encryption. For the more paranoid users, there may be a desire to intensify security.
After I went through the excruciatingly long wait for my drives to finish encrypting, I wanted to enable PIN authentication on startup. I thought this would automatically be enabled, but for me it wasn’t.
The process for this was super easy, but a simple search did not render any useful documentation, so I figured I would just post how to do it.
The first part of the process required editing the Windows Group Policy. Group policies are awesome, definitely worth exploring! “Group Policy provides the centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment” (Wikipedia).
In Windows 8, simply search or type “group policy” on the startup page. Select “Edit group policy.”
From the tree on the left of the policy window, go to:
Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives
Open the setting, “Require additional authentication at startup.”
The only change I made was to enable the authentication setting; I kept all default settings. Be aware, this may not be ideal for users who do not have a TPM, because the machine might expect a USB key, which is a pain to require for each startup. TPM stands for Trusted Platform Module and version 1.2 can be found on most Windows systems older than 2011.
After changing the group policy, force your computer to update by running the command:
Lastly, go into BitLocker management and edit the startup setting from the “Change how drive is unlocked at startup” option. Add a PIN or whatever else to beef up your security.
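
The same steps can be checked and finished from an elevated PowerShell prompt. The script below is an added example, not part of the original post: it refreshes Group Policy, confirms the "Require additional authentication at startup" setting actually landed, checks for a usable TPM, and then adds a TPM+PIN protector. It assumes `gpupdate /force` for the refresh step, that the OS drive is `$env:SystemDrive`, and that the policy is stored under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`.

```powershell
# Added example: run from an elevated PowerShell prompt (Windows 8 or later).
$drive = $env:SystemDrive                          # assumption: protect the OS drive
$fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # registry location of BitLocker policy

# Refresh Group Policy so the edited setting is applied immediately.
gpupdate /force | Out-Null

# "Require additional authentication at startup" sets UseAdvancedStartup = 1.
$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
if (-not $policy -or $policy.UseAdvancedStartup -ne 1) {
    throw "Policy 'Require additional authentication at startup' is not enabled."
}

# UseTPMPIN: 0 = do not allow, 1 = require, 2 = allow a startup PIN with the TPM.
if ($policy.UseTPMPIN -notin 1, 2) {
    throw "Policy does not permit a startup PIN with the TPM (UseTPMPIN=$($policy.UseTPMPIN))."
}

# A TPM+PIN protector needs a TPM that is present and ready.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "No usable TPM found; a TPM+PIN protector cannot be added."
}

# The drive should already be encrypted and protected before changing unlock options.
$vol = Get-BitLockerVolume -MountPoint $drive
if ($vol.ProtectionStatus -ne 'On') {
    throw "BitLocker protection is not on for $drive (volume status: $($vol.VolumeStatus))."
}

# Add the PIN only if a TPM+PIN protector is not already there.
if ($vol.KeyProtector.KeyProtectorType -contains 'TpmPin') {
    Write-Host "$drive already has a TPM+PIN protector."
} else {
    # Read the PIN as a SecureString so it never appears in history or transcripts.
    $pin = Read-Host -AsSecureString -Prompt 'New startup PIN'
    Add-BitLockerKeyProtector -MountPoint $drive -TpmAndPinProtector -Pin $pin | Out-Null
}

# List the protectors now on the drive to confirm the result.
(Get-BitLockerVolume -MountPoint $drive).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

If the script stops at one of the policy checks, revisit the Group Policy setting before retrying; the PIN step fails otherwise.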