In today’s online world, it is best to have your data secured with additional security. BitLocker offers this security to Windows 10 users and they can even encrypt operating system (OS) drive using BitLocker.
By default, standard users have rights to change password for encrypted operating system drive with BitLocker (obviously, they’ll also need administrator account password for this). Standard users can directly change BitLocker OS drive password by right click on OS drive and selecting Change BitLocker password option.
In case if you want to prevent users from changing your BitLocker drive encryption password/PIN, you can deploy a relevant GPO setting for this. Please follow the steps mentioned below and this will help you to block users, so that they can’t change BitLocker drive encryption password. These steps will only work on Windows 8 or later running systems.
How To Prevent Users To Change BitLocker Password For OS Drive In Windows 10/8.1/8
1. Press + R and put
gpedit.msc in Run dialog box to open GPO snap-in. Click OK.
2. Next, in the GPO snap-in window, navigate here:
Computer Configuration > Administrative Templates
> Windows Components > BitLocker Drive Encryption > Operating
3. In the right pane of Operating System Drives, look for the policy setting named Disallow standard users from changing the PIN or password. The policy is Not Configured by default. Double click on the policy setting to modify its status:
4. On the policy configuration window, you can set the policy to Enabled state. Click Apply followed by OK. Close GPO snap-in and reboot the machine.
After restart, the policy should be in effect and standard users will no longer be able to change BitLocker password/PIN for operating system drive.
To allow standard users to change BitLocker password/PIN later, simply restore ‘Disallow standard users from changing the PIN or password’ GPO setting to Not Configured.