How to Use BitLocker with PIN

1. Boot into BIOS (Setup menu) and confirm that the system is in UEFI mode - TPM is activated.
   • Under Post Behavior, confirm that Fastboot mode is set to Thorough.
2. Boot into the operating system. Set up BitLocker on the wanted drive and reboot to begin the encryption.
   • This will not allow for a PIN - You must set BitLocker on this system prior to changing the group policy to create the PIN.
3. Upon Reboot, open up gpedit.msc. This brings up your group policy options.
   • Go to Computer Configuration; Administrative Templates; Windows Components; BitLocker Drive Encryption; Operating System Drives.
     • In the right pane - double-click Require additional authentication at startup and a box opens.
       1. Ensure that the Enabled option is chosen so that all the other options are active.
       2. Clear the box for Allow BitLocker without a compatible TPM.
       3. For the choice of Configure TPM startup, choose Allow TPM.
       4. For the choice of Configure TPM startup PIN: , choose Require startup PIN with TPM.
       5. For the choice of Configure TPM startup key: , choose Allow startup key with TPM.
       6. For the choice of Configure TPM startup key and PIN: , choose Allow startup key and PIN with TPM.
       7. Click the Apply button and then the OK button to save the changes in the Local Group Policy Editor.
4. Stay under the BitLocker Drive Encryption > Operating System Drives.
   • In the right pane - double-click Enable use of BitLocker Authentication requiring preboot keyboard input on slates.
     1. Ensure that the Enabled option is chosen to activate.
     2. Click the Apply button and then the OK button to save the changes in the Local Group Policy Editor.
5. Reboot the system once more.
6. Launch an Admin Command Prompt (Elevated Command Prompt).
   1. Excluding the quotation marks, enter the command: manage-bde -protectors -add c: -TPMAndPIN
   2. You are prompted to enter the PIN. Enter a number between four and seven digits. The cursor will not register the keystrokes as you enter the number.
   3. Press the Enter key to save the PIN, and you are prompted to enter the PIN again to confirm. Press the Enter key again to save the PIN confirmation - It runs through the commands showing it as saved.
7. Reboot the system once more, and it prompts for a PIN with the Slate Keyboard.

BitLocker will prompt for PIN on each reboot after this is completed.

For related information, see article: Using the Group Policy Editor to Enable BitLocker Authentication in the Pre-Boot Environment for Windows 7 / 8 / 8.1 / 10