
Using the Group Policy Editor to Enable BitLocker Authentication in the Pre-Boot Environment for Windows 7 / 8 / 8.1 / 10

Summary: Steps for enabling BitLocker authentication in the Pre-Boot Environment for Windows 7, 8, 8.1, and 10.

Symptoms


The following article contains information about creating and using BitLocker with a Personal Identification Number (PIN).


Table of Contents:

  1. How to Create a BitLocker Pre-Boot Security Prompt Requiring a Personal Identification Number (PIN)
  2. Activate the TPM
  3. Enable BitLocker
  4. Edit the Group Policy
  5. Use the Command Prompt to Create a PIN
  6. Windows 10 Steps

How to Create a BitLocker Pre-Boot Security Prompt Requiring a Personal Identification Number (PIN)

As an extra layer of security, an administrator may choose to create a BitLocker preboot security prompt requiring a Personal Identification Number (PIN). This feature is available in Windows 7 Enterprise and Ultimate, and Windows 8 Enterprise and Ultimate. It can only be enabled on systems with a Trusted Platform Module (TPM) chip, typically a Latitude, OptiPlex, or Dell Precision system.

The process below is an advanced procedure and should only be attempted with the knowledge of the system administrator. The details are written for system administrators.


Activate the TPM

  1. Use the security features of your system’s BIOS to enable the TPM.
  2. Check the box to clear the TPM, apply changes, and exit the BIOS.
  3. Boot into the BIOS again and use the security features of your system’s BIOS to activate the TPM.
  4. Apply changes and exit the BIOS.

Enable BitLocker

  1. Boot into Windows.
  2. Use the preferred Microsoft process to Enable BitLocker and encrypt the entire disk containing the Operating System.

Edit the Group Policy

  1. Open the Group Policy Editor by opening the "Run…" dialog, typing "gpedit.msc", and clicking the "OK" button.
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  3. In the right pane, double-click "Require additional authentication at startup" and a popup box will open.
  4. Make sure the "Enabled" option is chosen so that all other options below will be active.
  5. Uncheck the box for "Allow BitLocker without a compatible TPM."
  6. For the choice of "Configure TPM startup:", choose "Allow TPM."
  7. For the choice of "Configure TPM startup PIN:", choose "Require startup PIN with TPM."
  8. For the choice of "Configure TPM startup key:", choose "Allow startup key with TPM."
  9. For the choice of "Configure TPM startup key and PIN:", choose "Allow startup key and PIN with TPM."
  10. Click the "Apply" button and then the "OK" button to save the changes in the Local Group Policy Editor.

Use the Command Prompt to Create a PIN

  1. Open an elevated Command Prompt window with administrator rights.
  2. Excluding the quotation marks, enter the command "manage-bde -protectors -add c: -TPMAndPIN".
  3. You are prompted to enter the PIN. Enter a number between four and seven digits. The cursor will not register the keystrokes as you enter the number.
  4. Hit the Enter key to save the PIN, and you are prompted to enter the PIN again to confirm. Hit the Enter key again to save the PIN confirmation.
  5. Excluding the quotation marks, enter the command "manage-bde -status".
  6. The BitLocker Drive Encryption status shows the "Key Protectors:" as "Numerical Password," "TPM and PIN."
  7. Now, each time the user boots the system, they receive a BitLocker preboot security prompt requiring the PIN to be entered before access to the operating system is granted.
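
The settings from the Group Policy and Command Prompt sections can be checked afterwards with a read-only script. This is an added example, not part of the original article; it assumes elevated Windows PowerShell, that the operating system drive is C:, and that the policy is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE with the value names shown in the code.

```powershell
# Added example (not from the original article): read-only check of the settings above.
# Assumes elevated Windows PowerShell and that C: is the operating system drive.
# Policy values: 0 = do not allow, 1 = require, 2 = allow.
$expected = @{
    UseAdvancedStartup = 1   # "Require additional authentication at startup" is Enabled
    EnableBDEWithNoTPM = 0   # "Allow BitLocker without a compatible TPM" is unchecked
    UseTPM             = 2   # "Allow TPM"
    UseTPMPIN          = 1   # "Require startup PIN with TPM"
    UseTPMKey          = 2   # "Allow startup key with TPM"
    UseTPMKeyPIN       = 2   # "Allow startup key and PIN with TPM"
}

function Test-FvePolicy {
    param([hashtable]$Expected, $Actual)
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $value = $Actual.$name    # $null when the key or value is missing
        New-Object PSObject -Property @{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $value
            Ok       = ($value -eq $Expected[$name])
        }
    }
}

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$actual = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$policy = @(Test-FvePolicy -Expected $expected -Actual $actual)
$policy | Format-Table Setting, Expected, Actual, Ok -AutoSize

# Key protector type 4 is "TPM and PIN" in the Win32_EncryptableVolume WMI class.
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume -Filter "DriveLetter='C:'"
$pinIds = @()
if ($vol) {
    $pinIds = @($vol.GetKeyProtectors(4).VolumeKeyProtectorID | Where-Object { $_ })
}

$failed = @($policy | Where-Object { -not $_.Ok })
if ($failed.Count -eq 0 -and $pinIds.Count -gt 0) {
    'PASS: policy matches the steps above and C: has a TPM and PIN protector.'
} else {
    "FAIL: $($failed.Count) policy value(s) differ; TPM and PIN protectors on C: = $($pinIds.Count)"
}
```

A FAIL with zero TPM and PIN protectors means the policy was applied but the "manage-bde -protectors -add" step was not completed, so the drive still unlocks without a PIN.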

Windows 10 Steps

The following link contains steps for Windows 10:
BitLocker Group Policy Settings

If you have further questions about this article, contact Dell Technical Support.


Affected Products

Security, Software
Article Properties
Article Number: 000127780
Article Type: Solution
Last Modified: 10 Apr 2021
Version: 3