...

The defaults for BitLocker are pretty lame (i.e. anyone has access to the data on your laptop), so here's how to do it properly.

...

Enable non-numeric PINs

Later on a PIN code will be required for unlocking the drive. By default this can only consist of digits. For reasons that are beyond me Microsoft have chosen a PIN (only digits) to be the default, and not a password (any character). For better security, we want to be able to use all the characters. This is done by enabling the "Allow enhanced PINs for startup" setting in the Local Group Policy Editor (gpedit.msc):

...

Windows will now generate a recovery key. Save a copy onto the TWO USB sticks (one backup is no backup) labelled "Bitlocker keys" in the physical key safe that hangs on the wall in the ITS office.

If the PIN ever gets lost/forgotten, or some boot parameters are changed, you need the recovery key to boot the computer.
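To confirm the result of the steps above, the following check can be run afterwards. It is an added example, not part of the original page. It assumes the startup PIN is a TPM+PIN protector on the system drive and that the saved recovery key is the standard recovery password protector.

```powershell
#Requires -RunAsAdministrator
# Added example: verify the BitLocker setup described on this page.
$findings = @()

# 1. "Allow enhanced PINs for startup" is stored as UseEnhancedPin = 1
#    under the BitLocker (FVE) policy key.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$enhanced = (Get-ItemProperty -Path $fve -Name UseEnhancedPin `
                -ErrorAction SilentlyContinue).UseEnhancedPin
if ($enhanced -ne 1) {
    $findings += 'Enhanced PINs are not enabled (UseEnhancedPin is not 1).'
}

# 2. The system drive must be protected, not just encrypted with
#    protection suspended.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($vol.ProtectionStatus -ne 'On') {
    $findings += "Protection is $($vol.ProtectionStatus) on $($vol.MountPoint)."
}

# 3. Inspect the key protectors on the volume.
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# Assumption: the PIN from this page is a TpmPin (or TpmPinStartupKey) protector.
if (($types -notcontains 'TpmPin') -and ($types -notcontains 'TpmPinStartupKey')) {
    $findings += 'No PIN protector found: the drive unlocks without a PIN.'
}
# A TPM-only protector lets the drive unlock at boot with no user input.
if ($types -contains 'Tpm') {
    $findings += 'A TPM-only protector is still present.'
}
# Without a recovery password a forgotten PIN means the data is gone.
if ($types -notcontains 'RecoveryPassword') {
    $findings += 'No recovery password protector found.'
}

if ($findings.Count -eq 0) {
    Write-Output "OK: $($vol.MountPoint) uses $($types -join ', ')."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```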

...