In today’s online world, it is best to have your data secured with additional security. BitLocker offers this security to Windows 10 users and they can even encrypt operating system (OS) drive using BitLocker.

By default, standard users have rights to change password for encrypted operating system drive with BitLocker (obviously, they’ll also need administrator account password for this). Standard users can directly change BitLocker OS drive password by right click on OS drive and selecting Change BitLocker password option.

How To Prevent Users To Change BitLocker Password For OS Drive

In case if you want to prevent users from changing your BitLocker drive encryption password/PIN, you can deploy a relevant GPO setting for this. Please follow the steps mentioned below and this will help you to block users, so that they can’t change BitLocker drive encryption password. These steps will only work on Windows 8 or later running systems.

How To Prevent Users To Change BitLocker Password For OS Drive In Windows 10/8.1/8

1. Press W8K + R and put gpedit.msc in Run dialog box to open GPO snap-in. Click OK.

Local Group Policy Editor

2. Next, in the GPO snap-in window, navigate here:

Computer Configuration > Administrative Templates
> Windows Components > BitLocker Drive Encryption > Operating
System Drives

How To Prevent Users To Change BitLocker Password For OS Drive

3. In the right pane of Operating System Drives, look for the policy setting named Disallow standard users from changing the PIN or password. The policy is Not Configured by default. Double click on the policy setting to modify its status:

How To Prevent Users To Change BitLocker Password For OS Drive

4. On the policy configuration window, you can set the policy to Enabled state. Click Apply followed by OK. Close GPO snap-in and reboot the machine.

After restart, the policy should be in effect and standard users will no longer be able to change BitLocker password/PIN for operating system drive.

How To Prevent Users To Change BitLocker Password For OS Drive

To allow standard users to change BitLocker password/PIN later, simply restore ‘Disallow standard users from changing the PIN or password’ GPO setting to Not Configured.

That’s it!

Leave a Reply

Your email address will not be published. Required fields are marked *