Would you like to learn how to use BitLocker to encrypt the operating system drive using TPM and PIN? In this tutorial, we are going to show you how to encrypt a drive using BitLocker with TPM and PIN on a computer running Windows.
• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 10
• Windows 7
Tutorial BitLocker – Enable the use of TPM and PIN
As an administrator, start the group policy editor.
On the group policy editor screen, expand the Computer configuration folder and locate the following item.
Access the folder named Operating System Drives.
Enable the item named: Require additional authentication at startup.
Click on the OK button.
To save the group policy configuration, you need to close the Group Policy editor.
Restart the computer.
Congratulations! You have finished the GPO configuration.
Tutorial PowerShell – Encrypt the disk using BitLocker with TPM and PIN
As an administrator, start an elevated PowerShell command line.
Verify that the computer has a TPM chip enabled.
Here is the output of a computer with TPM enabled.
List the drives available.
Here is the command output.
Encrypt the operating system drive using BitLocker, TPM, and a PIN code.
The PIN must have 6 digits.
Here is the command output.
Create a recovery password.
Take note of the BitLocker recovery password.
Restart the computer.
Verify the BitLocker encryption status.
Here is the command output.
Wait for the drive encryption to finish.
The computer will request the PIN to start.
Congratulations! You have encrypted the system drive using BitLocker, TPM, and a PIN.
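The PowerShell steps above, from the TPM check to the status check, as one added example (these are not the original page's commands). It assumes that C: is the operating system drive, that the BitLocker PowerShell module is installed, and that the 6-digit PIN rule is a minimum length.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original page's commands.
# Assumption: C: is the operating system drive and the BitLocker module is installed.
$mount = 'C:'

# Verify that a TPM is present and ready.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is missing or not ready; enable it in firmware before continuing.'
}

# List the drives and their current BitLocker state.
Get-BitLockerVolume |
    Format-Table MountPoint, VolumeType, VolumeStatus, ProtectionStatus -AutoSize

# Stop if the OS drive is already encrypted or mid-conversion.
$volume = Get-BitLockerVolume -MountPoint $mount
if ($volume.VolumeStatus -ne 'FullyDecrypted') {
    throw "$mount is in state $($volume.VolumeStatus); nothing to do."
}

# Read the PIN without echoing it, then check the 6-digit rule before calling BitLocker.
# Assumption: 6 digits is treated as a minimum length.
$pin = Read-Host -AsSecureString -Prompt 'Startup PIN (6 digits)'
$plain = (New-Object System.Net.NetworkCredential('', $pin)).Password
if ($plain -notmatch '^\d{6,}$') { throw 'The PIN must have 6 digits.' }
Remove-Variable plain

# Encrypt the OS drive with the TPM + PIN protector.
Enable-BitLocker -MountPoint $mount -TpmAndPinProtector -Pin $pin

# Create a recovery password and print it once so it can be stored offline.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword | Format-List

# Restart the computer, then run this to watch encryption progress.
Get-BitLockerVolume -MountPoint $mount |
    Format-List VolumeStatus, ProtectionStatus, EncryptionPercentage, KeyProtector
```

Without -SkipHardwareTest, Enable-BitLocker waits for a hardware test on the next restart before it starts encrypting, which is why the status check comes after the restart.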