none
How to deactivate Num Lock in Bitlocker with Build 1703? RRS feed

  • Question

  • We are using laptop devices with activated Bitlocker encryption using passphrases. Starting with Build 1703 (Creator's Update), Num Lock is active by default when entering the passphrase for decryption.

    However, our laptop devices (as it is very common) have an embedded number pad, meaning that pressing e.g. J, K, L produces 1, 2, 3 as input when numlock is active.

    Users that have e.g. J, K or L in their passphrases now input 1, 2 or 3, leading to a wrong passphrase, unless Num Lock is disabled before entering the passphrase.

    This change of behavior started with Build 1703 and is also documented by users on superuser, however, I am unable link to them as this is a new TechNet forums account.

    We are looking for a way to disable Num Lock during passphrase entry, as our users now commonly report that their passphrases are incorrect.


    Saturday, May 6, 2017 7:20 PM

All replies

  • Hi Johan, 

    Have you tried the registry key fix or the BIOS settings to disable Number lock? 

    Registry: 

    HKEY_USERS\Default\Control Panel\Keyboard

    InitialKeyboardIndicators = 0

    BIOS:

    Most computers, including virtual machines will have a BIOS setting that controls whether or not NumLock is enabled or disabled at startup. Also, I would like to confirm how you decrypt your Bitlocker on Startup as your configuration. 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 9, 2017 6:58 AM
    Owner
  • Hi Kate,

    thank you for your help. Unfortunately, even after doing these steps, the problem remains.

    Registry:

    The registry key shows no effect as we are talking about the Bitlocker pre-boot environment here.

    BIOS:

    The BIOS/EFI Num Lock setting always get overridden by the Bitlocker pre-boot environment. Before Build 1703, Num Lock was always turned off in the Bitlocker pre-boot environment, with Build 1703 it is now always turned on. The Bitlocker pre-boot environment ignores the BIOS/EFI settings.

    This is also corroborated by a superuser post titled "How do I enable Num Lock by default at the BitLocker boot PIN/password prompt?".

    Our Configuration:

    First of all, our machines commonly do not have a TPM. Therefore we change the group policy "Require additional authentication at startup" to Enabled and furthermore activate the option "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)".

    In the Bitlocker encryption wizard, at the step "Choose how to unlock your drive at startup" our users select "Enter a password", and they are free to choose their own password.

    After starting their laptops, our users then enter their password in the Bitlocker pre-boot environment.

    Due to a change of behavior starting with Build 1703, users on laptop computers with embedded number pads now always have to manually disable Num Lock before entering their password (using a more or less complicated keyboard hotkey), as otherwise half of their keyboard would yield unintended input.


    Wednesday, May 10, 2017 8:38 AM
  • Hi, 

    Before change BIOS Num lock  settings, please first suspend Bitlocker, after change to disable Number lock, let's resume BitLocker, then check if we can get this done. 

    Also, we can recheck if the BIOS settings has been change back after you restart PC. 

    In addition, please help to confirm if the the registry key was change back after restart the PC. If so, let's audit this registry key to see who change this. 

    Advanced security audit policy settings

    https://docs.microsoft.com/en-us/windows/device-security/auditing/advanced-security-audit-policy-settings


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 11, 2017 9:41 AM
    Owner
  • I can also confirm this new behaviour in the pre-boot BitLocker key prompt since 1703. Had to plug in an external keyboard as this laptop had no numlock key at all to turn it off. I don't have time to faff around as my user needs their computer back so changed the key to include numbers where the letters were so the user still thinks its the same key.
    Thursday, May 18, 2017 10:48 AM
  • So has anyone found a solution to this problem.

    In my case the numlock is disabled before bitlocker starts (for example in the BIOS or another OS) and it's disabled at the Windows 10 login screen, even if it was left enabled after the bitlocker screen. But JUST for bitlocker it's enabled and on this machine it's impossible to enter the password without turning off NumLock.

    Tuesday, August 8, 2017 3:06 PM
  • Same issue for me.

    Acer Swift 3 laptop BIOS does NOT have a Numlock setting, so it cannot be disabled there. But, by default, if I enter the password incorrectly on pre-boot BitLocker PIN, Numlock automatically turns off, then if I retype the password, it works. It's consistent through reboots/shutdown. First time enter password, fails, second time, works.

    I also had tried what was suggested above, but it didn't work:

    1. "Suspend protection" in BitLocker in the OS

    2. Setting the Registry value:

    HKEY_USERS\Default\Control Panel\Keyboard

    InitialKeyboardIndicators = 0

    3. Then, "Resume Protection" in BitLocker

    4. Verified registry value was still set to "0"

    5. Restarted PC, but Numlock was still enabled on the first password attempt.

    If anyone has a solution, I'd love to hear it.

    Wednesday, January 10, 2018 11:09 PM
  • We are having the same issue in Windows 10 1709.

    Numlock is off in the bios and at the windows login screen, but is enabled at the bitlocker pin screen.

    Making the registry change had no effect.

    Friday, January 12, 2018 3:29 PM
  • Just to add - I have the same issue here, its a shame that the MS Éxperts' seem to not understand what we are trying to achieve, Its ok to not know anything, but to give advice on those subjects is a waste of everyones time!

    Rant over - Bitlocker preboot PIN in 1709. numlock is enabled on the PIN entry screen too, BIOS doesn't have a numlock control (Getac V110) and once through the Bitlocker PIN screen, numock is disabled when windows loads. 

    Numlock control in the pre-boot environment is required, or the setting put back as it used to be, which was numlock off in the preboot.

    Sunday, March 25, 2018 10:18 PM
  • As this topic is still not resolved for me, and google won't help either, I'm trying to describe the problem a bit more detailed:

    I'm using Win10 Enterprise build 1709. I have activated Bitlocker encryption with TPM/PIN (a word without numbers). I set NumLock "deactivated" in BIOS settings. This works fine most of the time, even in the OS environment (NumLock standard off by group policy).

    But: As the System starts, the blue BDE-screen comes up. NumLock LED is ON, parts of my password are interpreted as numbers (e.g. "L=3", Laptop without numeric key section. Normal behaviour, as far as concerning normal NumLock function for NL on).

    As soon as I press "Enter" (even without typing a password) the NumLock-LED turns off. My password is then correctly interpreted, no numbers ("L=L", again, normal NumLock behavior for NL off).

    Every time I start the machine, I have to press "Enter", NumLock turns off, I get "wrong password, please try again", and then I can enter the password correct. (Of course I could turn NL off by pressing <FN+Numlock>, but thats not what I set "NumLock deactivated" in BIOS for, it's an inconvenient shortcut and to much to be expected of the standard non-experienced users here.)

    (ESC switches NL off, too, but then I could not get back from restore screen to password screen)

    So Bitlocker seems to know NumLock should be turned off, just not at the very beginning. Why is this? I hope this can clarify the issue a bit.

    Thank you in advance for your help!

    Sunday, August 19, 2018 11:05 AM
  • Same issue here (Vaio SVT) (Winver 1803)

    Peter

    Friday, September 7, 2018 3:32 PM
  • why does M$ do this kind of garbage? 

    non of the "fixes" above works!!  stupid numlock comes on right when the bitloclker screen shows up

    THIS MESSES WITH THE KEYBOARD AND PASSOWORDS!!!!  LEAVE IT OFF!!!!

    if anyone has a fix...im all ears....

    note-- this is NOT a computer/hardware issue-- if I boot into bios, num lock is OFF.  it only comes on when stupid bitlocker passwords screen shows up.  arrrggggghhhh…. so frustrating as the previous win 7 did NOT do this!!!


    • Edited by Cleatus45 Friday, November 8, 2019 1:31 PM
    Friday, November 8, 2019 1:31 PM