Native to selected editions of Windows 10, Is a very powerful utility named BitLocker Drive Encryption, that allows you to protect your files from unauthorized access. You can encrypt (for example) removable or fixed data drives by setting a password of your choice. However, this doesn't prevent other users sharing your PC, from changing It as well. As such, In this tutorial, I will show you how to disable standard users from changing the BitLocker password.
Before I begin, here's what I'm referring to. Once you've enabled BitLocker on a given drive and It's unlocked, the option to change the password Is available, by right-clicking the drive and selecting Change BitLocker password as shown below.
If you're sharing your computer with other users utilizing standard user accounts, they can do the very same. Although there's a lockout policy of 5 Invalid attempts, thus disabling the option to change the password, a simple reboot sets It back to zero and users can then try again.
As a safeguard, I will demonstrate how to prevent those with standard user accounts from changing the password, by using the good old Group Policy Editor. Do note that the GPE Is only available In Windows 10 Pro, Enterprise and Education editions. If you're running either of these, then this tutorial Is for you. So without further delay, let's get this started.
Step One:The first thing we need to do, Is access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK as shown below.
Step Two:The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Make sure the Operating System Drives folder Is selected, and on the right pane, double-click on Disallow standard users from changing the PIN or password.