Skip to main content

Prevent Users Changing The BitLocker Password

Native to selected editions of Windows 10, Is a very powerful utility named BitLocker Drive Encryption, that allows you to protect your files from unauthorized access. You can encrypt (for example) removable or fixed data drives by setting a password of your choice. However, this doesn't prevent other users sharing your PC, from changing It as well. As such, In this tutorial, I will show you how to disable standard users from changing the BitLocker password.

Before I begin, here's what I'm referring to. Once you've enabled BitLocker on a given drive and It's unlocked, the option to change the password Is available, by right-clicking the drive and selecting Change BitLocker password as shown below.

If you're sharing your computer with other users utilizing standard user accounts, they can do the very same. Although there's a lockout policy of 5 Invalid attempts, thus disabling the option to change the password, a simple reboot sets It back to zero and users can then try again.

As a safeguard, I will demonstrate how to prevent those with standard user accounts from changing the password, by using the good old Group Policy Editor. Do note that the GPE Is only available In Windows 10 Pro, Enterprise and Education editions. If you're running either of these, then this tutorial Is for you. So without further delay, let's get this started.

Step One:

The first thing we need to do, Is access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK as shown below.

Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

Make sure the Operating System Drives folder Is selected, and on the right pane, double-click on Disallow standard users from changing the PIN or password.

Step Three:

Next, to the left of the window, select the Enabled radio button and then hit OK to finalize the process. From this point forward, standard user accounts cannot change the BitLocker password.

Step Four:

Let's test It to make sure It's working. I'm signing Into my standard user account named Windows 10 Tips.

Step Five:

Just to confirm my account type, I've navigated to the User Accounts section In Control Panel. You can clearly see that It's a Standard user account.

Step Six:

Now to try and change the password. I've right-clicked on an unlocked Bitlocker drive, and selected Change BitLocker password.

Step Seven:

I've now entered the details In the password fields, and hit the Change password button. Let's see what happens In the next step.

Last Step:

As you can see, a message has been returned saying that only administrator accounts can change the password. Perfect, It's precisely the result I expected.

Final Thoughts:

The good thing about this Implementation, Is not only the fact that many users are not aware that the setting exists In the Group Policy Editor, but also that It's extremely simple to apply without the need to reboot your system. To reverse the change, refer to Step Three above and select the Not Configured radio button. Don't forget to hit OK.


Popular posts from this blog

How To Decode The Windows 10 Product Key

Every Windows 10 operating system that's Installed and activated on the computer, has what's called a Product Key , that Is either pre-Installed by the manufacturer, or added by the end user when formatting their PC. In order to have a fully-functional OS, It must contain a valid Product Key. Whilst there are many tools that can extract It from the operating system, In this tutorial, I will show you how to manually decode the Product Key.

How To Check Faulty Drivers In Windows 10

For hardware devices to function properly, they must have device drivers  Installed, thus allow them to perform at their optimal state. It's all well and good when they're running without error, but they do tend to fail at the best of times, which can cause system Instability and/or loss of functionality. It can be a difficult task pinpointing the problematic driver(s), so In this tutorial, I will show you how to check faulty drivers , without the aid of third-party tools.

How To Create A Fake File Of Any File Size

Depending on your business environment or Individual requirements, sometimes there Is the need to test files of a given capacity. Such tests can Include Identifying how well your hard disks perform under heavy read/write operations, or to establish whether files can be securely deleted beyond recovery. Whatever the reason may be, In this tutorial, I will show you how to create a fake file of any file size.