{"id":290,"date":"2014-01-03T09:26:02","date_gmt":"2014-01-03T16:26:02","guid":{"rendered":"http:\/\/somethingk.com\/main\/?p=290"},"modified":"2014-01-03T09:26:34","modified_gmt":"2014-01-03T16:26:34","slug":"bitlocker-enable-pin-windows-8","status":"publish","type":"post","link":"https:\/\/somethingk.com\/main\/bitlocker-enable-pin-windows-8\/","title":{"rendered":"BitLocker Enable Pin Windows 8"},"content":{"rendered":"<p>So from my earlier <a title=\"Hard Drive Encryption\" href=\"http:\/\/somethingk.com\/main\/?p=268\">post<\/a>, I choose to enable BitLocker encryption. For the more paranoid users, there may be a desire to intensify security.<\/p>\n<p>After I went through the excruciating long wait for my drives to finish encrypting, I wanted to enable pin authentication on startup. I thought this would automatically be enabled but for me it wasn&#8217;t.<\/p>\n<p>The process for this was super easy but a simple search did not render any useful documentation so I figured I would just post how to do it.<\/p>\n<p>The first part of the process required editing the Windows Group Policy.\u00a0<a title=\"Group Policy\" href=\"http:\/\/en.wikipedia.org\/wiki\/Group_Policy\" target=\"_blank\">Group policies<\/a> are awesome, definitely worth exploring! <em>&#8220;Group Policy provides the centralized management and configuration of operating systems, applications, and users&#8217; settings in an\u00a0<a title=\"Active Directory\" href=\"http:\/\/en.wikipedia.org\/wiki\/Active_Directory\">Active Directory<\/a>\u00a0environment&#8221;<\/em> (Wikipedia).<\/p>\n<p>In Windows 8, simple search or type &#8220;group policy&#8221; on the startup page. Select &#8220;Edit group policy.&#8221;<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/CAPTURE4.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-medium wp-image-296\" alt=\"Find Group Policy\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/CAPTURE4-300x168.png\" width=\"300\" height=\"168\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/CAPTURE4-300x168.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/CAPTURE4-1024x576.png 1024w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/CAPTURE4.png 1776w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>From the tree on the left of the policy window, go to:<\/p>\n<p><strong>Local Computer Policy -&gt; Computer Configuration -&gt; Administrative Templates -&gt; Windows Components -&gt; BitLocker Drive Encryption -&gt; Operating System Drives<\/strong><\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture1.png\"><img decoding=\"async\" class=\"aligncenter size-medium wp-image-293\" alt=\"Group Policy\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture1-300x155.png\" width=\"300\" height=\"155\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture1-300x155.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture1-1024x530.png 1024w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture1.png 1273w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Open the setting, &#8220;Require additional authentication at startup.&#8221;<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture2.png\"><img decoding=\"async\" class=\"aligncenter size-medium wp-image-294\" alt=\"Addition BitLocker Security\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture2-300x277.png\" width=\"300\" height=\"277\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture2-300x277.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture2.png 693w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>The only change I made was to enable the authentication setting, I kept all default settings. Be aware, this may not be ideal for users who do not have <a title=\"TPM\" href=\"http:\/\/en.wikipedia.org\/wiki\/Trusted_Platform_Module\" target=\"_blank\">TPM<\/a>\u00a0because the machine might expect a USB key which is a pain to require for each startup. TPM stands for Trusted Platform Module and version 1.2 can be found on most Windows systems older than 2011.<\/p>\n<p>After changing the group policy, force your computer to update by running the command:<\/p>\n<pre>gpupdate<\/pre>\n<p>Lastly, go into BitLocker management and edit the startup setting from the &#8220;Change how drive is unlocked at startup&#8221; option. Add a pin or whatever else to beef up your security.<\/p>\n<p><a href=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-295\" alt=\"BitLocker Menu\" src=\"http:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture3-300x162.png\" width=\"300\" height=\"162\" srcset=\"https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture3-300x162.png 300w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture3-1024x554.png 1024w, https:\/\/somethingk.com\/main\/wp-content\/uploads\/2014\/01\/Capture3.png 1155w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Complete.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So from my earlier post, I choose to enable BitLocker encryption. For the more paranoid users, there may be a desire to intensify security. After I went through the excruciating long wait for my drives to finish encrypting, I wanted to enable pin authentication on startup. I thought this would automatically be enabled but for me it wasn&#8217;t. The process [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[88,87,86,91,92],"class_list":["post-290","post","type-post","status-publish","format-standard","hentry","category-windows","tag-bitlocker","tag-encryption","tag-hard-drive","tag-pin","tag-tmp"],"_links":{"self":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts\/290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/comments?post=290"}],"version-history":[{"count":4,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts\/290\/revisions"}],"predecessor-version":[{"id":298,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/posts\/290\/revisions\/298"}],"wp:attachment":[{"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/media?parent=290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/categories?post=290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/somethingk.com\/main\/wp-json\/wp\/v2\/tags?post=290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}