Allow enhanced PINs for startup

Information

This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.

Enhanced startup PINs permit the use of characters including uppercase and lowercase letters symbols numbers and spaces. This policy setting is applied when you turn on BitLocker.

If you enable this policy setting all new BitLocker startup PINs set will be enhanced PINs.

Note: Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup.

If you disable or do not configure this policy setting enhanced PINs will not be used.

Solution

Policy Path: Windows Components\BitLocker Drive Encryption\Operating System Drives
Policy Setting Name: Allow enhanced PINs for startup

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5c., 800-53|SC-28(1)

Plugin: Windows

Control ID: 0a5f7db75089602e28bf3f24f7d5e667a7192a8a4fca05d178a5fcdf455b61db