ITS

Information Technology Services
Information Technology Services

Add a PIN to a Previously Encrypted Drive

In some cases, your computer may already be encrypted but not requiring you to enter a PIN on startup. Since having a PIN on startup is the ITServices recommended configuration here are the steps to add a PIN. Please note that a TPM is required for the addition of a PIN. If your computer does not have a TPM, please consider one of the alternative options for encryption on the Encryption Requirements page.

  1. Open the Windows Command Prompt as an administrator
    • In Windows 8.1, go to the Start screen and type cmd. Right-click on Command Prompt when it appears in the list and choose "Run as administrator"
    • In Windows 7, click the Start menu and type cmd into the search box. Right-click on Command Prompt when it appears in the list and choose "Run as administrator"

    screenshot illustrating above step

  2. If you are using a TPM type the following command:
    screenshot illustrating above step
    • You will be prompted to enter a PIN and then re-enter it to confirm
    • If you receive the error, "Group Policy settings do not permit the use of a PIN at startup. Please choose a different BitLocker startup option", this means that your Group Policy settings are not set properly. Please refer to the BitLocker Tutorials for your Operating System/Configuration of choice and complete the Group Policy settings steps 1 - 3.
    • If you receive any errors, or do not believe you are using a TPM and have questions about encryption, please call the IT Support Centre at 613-533-6666.
?