Skip to main content

Prevent Users Changing The BitLocker Password

Native to selected editions of Windows 10, Is a very powerful utility named BitLocker Drive Encryption, that allows you to protect your files from unauthorized access. You can encrypt (for example) removable or fixed data drives by setting a password of your choice. However, this doesn't prevent other users sharing your PC, from changing It as well. As such, In this tutorial, I will show you how to disable standard users from changing the BitLocker password.

Before I begin, here's what I'm referring to. Once you've enabled BitLocker on a given drive and It's unlocked, the option to change the password Is available, by right-clicking the drive and selecting Change BitLocker password as shown below.

If you're sharing your computer with other users utilizing standard user accounts, they can do the very same. Although there's a lockout policy of 5 Invalid attempts, thus disabling the option to change the password, a simple reboot sets It back to zero and users can then try again.

As a safeguard, I will demonstrate how to prevent those with standard user accounts from changing the password, by using the good old Group Policy Editor. Do note that the GPE Is only available In Windows 10 Pro, Enterprise and Education editions. If you're running either of these, then this tutorial Is for you. So without further delay, let's get this started.

Step One:

The first thing we need to do, Is access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK as shown below.

Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

Make sure the Operating System Drives folder Is selected, and on the right pane, double-click on Disallow standard users from changing the PIN or password.

Step Three:

Next, to the left of the window, select the Enabled radio button and then hit OK to finalize the process. From this point forward, standard user accounts cannot change the BitLocker password.

Step Four:

Let's test It to make sure It's working. I'm signing Into my standard user account named Windows 10 Tips.

Step Five:

Just to confirm my account type, I've navigated to the User Accounts section In Control Panel. You can clearly see that It's a Standard user account.

Step Six:

Now to try and change the password. I've right-clicked on an unlocked Bitlocker drive, and selected Change BitLocker password.

Step Seven:

I've now entered the details In the password fields, and hit the Change password button. Let's see what happens In the next step.

Last Step:

As you can see, a message has been returned saying that only administrator accounts can change the password. Perfect, It's precisely the result I expected.

Final Thoughts:

The good thing about this Implementation, Is not only the fact that many users are not aware that the setting exists In the Group Policy Editor, but also that It's extremely simple to apply without the need to reboot your system. To reverse the change, refer to Step Three above and select the Not Configured radio button. Don't forget to hit OK.


Popular posts from this blog

Check The Health Of Your Laptop's Battery

When you first purchase your laptop and fully charge the battery thereafter, It runs at It's optimal state for quite a while. However, over time, It Inevitably decreases In performance, and does not hold It's charge capacity as per It's brand new state. This Is due to wear & tear, and a few other factors. It's very Important to know the condition of your battery, so In this tutorial, I will show you how to view the current status and health of your laptop's battery.

How To Troubleshoot Your PC's Power Settings

Upon purchasing your computer with the Windows OS Installed, by default, It's power plan setting Is set to Balanced. Depending on the manufacturer, the hibernate and sleep modes are also configured to turn off at certain Intervals. You can also create a plan of your own, based on your computing usability. Power plan settings can corrupt at the best of times, hence In this tutorial, I will show you how to troubleshoot your PC's power settings natively within Windows.

Force Windows 10 To Boot To Advanced Startup

In the event your operating system corrupts and losses functionality to some degree, Windows 10 has the Advanced Startup Options menu, that contains a range of diagnostic and repair utilities to help restore the OS back to It's functional state. You can perform a System Restore, Reset your PC, execute commands via the Command Prompt and more. To have It readily available, In this tutorial, I will show you how to force Windows 10 to always boot to the Advanced Startup settings.