In this article, learn how to configure minimum PIN length for startup, if you've enabled BitLocker on operating system volume with TPM installed machine.

We all know that BitLocker can be enabled on operating system drive as mentioned in this guide. If your system has TPM installed, you can setup startup PIN to unlock OS drive, as your system starts. In case, if you don’t have TPM installed, you can allow BitLocker without compatible TPM and using traditional password.

Okay, so when you enable BitLocker on a system with TPM installed, you’ll configure a startup PIN. In this article, we’ll see how to setup minimum length for this startup PIN.   Please do not get confuse with PIN complexity, which is a different thing for Windows 10. It is basically used in organizations and is intended only for Windows 10 PIN, not the BitLocker startup PIN.

You can configure this minimum PIN length using simple registry manipulation as mentioned below.

How To Configure Minimum PIN Length For Startup In Windows 10

Registry Disclaimer: The further steps will involve registry manipulation. Making mistakes while manipulating registry could affect your system adversely. So be careful while editing registry entries and create a System Restore point first.

1. Press W8K + R and type regedit in Run dialog box to open Registry Editor (if you’re not familiar with Registry Editor, then click here). Click OK.

Windows 10 Registry Editor

2. In left pane of Registry Editor window, navigate to following registry key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

How To Configure Minimum PIN Length For Startup In Windows 10

3. Right click Microsoft registry key, select New > Key. Name the newly created sub-key as FVE. Now in the right pane of FVE registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE), right click and select New > DWORD Value. Name the newly created registry DWORD (REG_DWORD) as MinimumPIN. Double click on the DWORD to modify its Value data:

How To Configure Minimum PIN Length For Startup In Windows 10

4. The default Value data for this DWORD is 6, which means the minimum length of startup PIN should be 6. You can set the Value data from 6 to 20 on Decimal base depending upon your requirement. Click OK. Close Registry Editor and reboot to make changes effective.

Group Policy Setting: If you want to configure minimum PIN length for startup on multiple machines in your organization/workplace, you can deploy the relevant GPO setting. Set Configure minimum PIN length for startup setting at Computer configuration > Administrative templates > Windows Components BitLocker Drive Encryption > Operating System Drives to Enabled and then set the minimum value between 6 to 20.

That’s it!

Share this post on Facebook · Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Comments

  • Dave : I have tried all these "fixes". None have done me any good. I have An ...

    2 days ago

  • Bricaro : Thank you so much. This was driving me crazy. It's annoying, that they...

    2 days ago

  • Nikesh : version 1903 (os build 18362.418)...

    3 days ago

  • Kapil Arya : ^^ Run winver command and let me know build number or version n...

    4 days ago