Bitlocker Minumum PIN Lengh change in Creator / RS2 RRS feed

  • Question

  • Can anyone explain why the Bitlocker Minimum PIN Length was changed to 6 digits in RS2?

    Back to Windows 7 it policy has allowed 4 digit PIN. In Creator the policy clearly changed Minimum PIN length to 6.  Seems like a small deal but when you support an enterprise of  100,000 users there will be an associated cost from ticket volume of users having problems.

    Friday, May 5, 2017 2:43 PM

All replies

  • Dear John,

    From this Microsoft documentation, we can see the minimum PIN length is still 4 digits.

    BitLocker Group Policy settings

    But as you said, when I open group policy editor on a 1703 machine, I notice the minimum length has been changed to 6 digits.

    However, there is an interesting thing, we still can configure the value as 4, then click Apply. You could have a try to see if can be effective.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Monday, May 8, 2017 3:08 AM
  • We have 4 configured in our domain policy but manage-bde and MBAM both say minimum is 6. 

    Friday, May 12, 2017 5:08 PM
  • Hi! We just discovered the same change. Even if you configure 4 numbers it want 6 numbers to be entered as minimum and be compliant. Even MBAM server change log does not mention that. Nor the official TechNet documentation.
    Wednesday, May 24, 2017 1:00 PM
  • Has anyone ever found a work-around for this?  My environment uses 4 digit pins.  Having a small subset of users required to use a 6 digit pin is a PITA.
    Friday, July 28, 2017 4:17 PM
  • No. When you go with clean install on that build number, it will require 6 numbers. But it is a little bit hard to tell this users.
    Sunday, August 6, 2017 7:37 AM
  • I've heard Rumor through TAP that this will be fixed in RS3 and possibly RS2. the Fix  will allow minimum PIN length of 4 digits.

    Can anyone provide details or confirm this?  This bug has the potential to be expensive.  Users changing their PIN via MBAM (per company policy) receive a non specific error.  MBAM instructions still say 4 digits are allowed.  Help desk calls could total in the millions. 

    Wednesday, September 6, 2017 12:31 PM
  • Hi John,

    I'm on the same trail and have also posted a follow up to your question/experiences here (

    I have a machine with Win10 RS2 installed (currently being updated to RS3) and I can confirm that a 4 digit PIN can be set (I used the manage-bde command).


    Thursday, September 28, 2017 10:05 AM
  • Just to confirm, by RS2/RS3 I meant the Windows Insider programme.

    All Insider builds up to and including Win10 1703 16299.15 will accept a 4 digit PIN.


    Tuesday, October 3, 2017 11:41 AM
  • Build 17017.1000 accepts a 4 digit Pin.......


    Monday, October 16, 2017 12:32 PM