none
Bitlocker doesn't ask for a PIN RRS feed

  • Question

  • Hi, guys!

    I'm trying to activate bitlocker on HP Laptops using powershell script

    After script finishes on the disk icon I see locker with warning triangle.

    manage-bde shows that I have TPMandPIN and RecoveryPassword protectors

    After reboot nothing happens.

    If I turn on bitlocker manually I see locker on the disk icon

    manage-bde shows that I have TPMandPIN and RecoveryPassword protectors again and after reboot it asks for a PIN

    What could be a problem?

    Wednesday, August 31, 2016 8:33 PM

Answers

  • Hi Zlodey_gtn,

    We can use the manage-bde command line to enable TPM And PIN, if it don‘t prompt at started up computer.  You can check this by typing in

    manage-bde –status

    If you get a return result under the Key Protectors of “TPM”, and also “TPM And PIN” you’re not gonna get a prompt during startup. So, you need to remove the TPM only during startup. To do this I used this command.

    manage-bde –protectors –delete c: –type tpm

    Go ahead and check if that reflected by using the “manage-bde –status” command again and you should notice you’re left with “TPM And PIN”. Reboot your machine

    Please refer to the link below to get more information

    https://weikingteh.wordpress.com/2011/04/18/how-to-enable-bitlocker-to-prompt-for-pin-during-startup/

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope it will be helpful to you


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, September 1, 2016 8:44 AM
    Moderator

All replies

  • Hi Zlodey_gtn,

    We can use the manage-bde command line to enable TPM And PIN, if it don‘t prompt at started up computer.  You can check this by typing in

    manage-bde –status

    If you get a return result under the Key Protectors of “TPM”, and also “TPM And PIN” you’re not gonna get a prompt during startup. So, you need to remove the TPM only during startup. To do this I used this command.

    manage-bde –protectors –delete c: –type tpm

    Go ahead and check if that reflected by using the “manage-bde –status” command again and you should notice you’re left with “TPM And PIN”. Reboot your machine

    Please refer to the link below to get more information

    https://weikingteh.wordpress.com/2011/04/18/how-to-enable-bitlocker-to-prompt-for-pin-during-startup/

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope it will be helpful to you


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, September 1, 2016 8:44 AM
    Moderator
  • Hi Zlodey_gtn,

    Haven't received your message a few days, was your issue resolved? Because the case may be closed few days later.
    If you feel the suggestion could be helpful to you, please "mark it as answer" to help other community members who have same questions and find the helpful reply quickly.
    If no, please feel free to post back and tell us the current situation in order to provide further help.
    Best regards,
    Carl Fan


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 13, 2016 6:59 AM
    Moderator