Skip to main content


Prevent Users Changing The BitLocker Password


Native to selected editions of Windows 10, Is a very powerful utility named BitLocker Drive Encryption, that allows you to protect your files from unauthorized access. You can encrypt (for example) removable or fixed data drives by setting a password of your choice. However, this doesn't prevent other users sharing your PC, from changing It as well. As such, In this tutorial, I will show you how to disable standard users from changing the BitLocker password.


Before I begin, here's what I'm referring to. Once you've enabled BitLocker on a given drive and It's unlocked, the option to change the password Is available, by right-clicking the drive and selecting Change BitLocker password as shown below.



If you're sharing your computer with other users utilizing standard user accounts, they can do the very same. Although there's a lockout policy of 5 Invalid attempts, thus disabling the option to change the password, a simple reboot sets It back to zero and users can then try again.

As a safeguard, I will demonstrate how to prevent those with standard user accounts from changing the password, by using the good old Group Policy Editor. Do note that the GPE Is only available In Windows 10 Pro, Enterprise and Education editions. If you're running either of these, then this tutorial Is for you. So without further delay, let's get this started.

Step One:

The first thing we need to do, Is access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK as shown below.


Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

Make sure the Operating System Drives folder Is selected, and on the right pane, double-click on Disallow standard users from changing the PIN or password.


Step Three:

Next, to the left of the window, select the Enabled radio button and then hit OK to finalize the process. From this point forward, standard user accounts cannot change the BitLocker password.


Step Four:

Let's test It to make sure It's working. I'm signing Into my standard user account named Windows 10 Tips.


Step Five:

Just to confirm my account type, I've navigated to the User Accounts section In Control Panel. You can clearly see that It's a Standard user account.


Step Six:

Now to try and change the password. I've right-clicked on an unlocked Bitlocker drive, and selected Change BitLocker password.


Step Seven:

I've now entered the details In the password fields, and hit the Change password button. Let's see what happens In the next step.


Last Step:

As you can see, a message has been returned saying that only administrator accounts can change the password. Perfect, It's precisely the result I expected.


Final Thoughts:

The good thing about this Implementation, Is not only the fact that many users are not aware that the setting exists In the Group Policy Editor, but also that It's extremely simple to apply without the need to reboot your system. To reverse the change, refer to Step Three above and select the Not Configured radio button. Don't forget to hit OK.



Comments

Popular posts from this blog

How To Create A Virtual Machine Using VMware

A virtual machine, often abbreviated as a VM, Is a software program containing an operating system that's Installed on the physical machine (PC), and operates In It's own Isolated environment. Every task performed In the VM, remains there, without affecting the main computer. Every user should have a virtual machine up and running, so In this tutorial, I will demonstrate a detailed guide on how to create & Install a virtual machine on your computer, namely VMware Workstation.

How To Use Sandboxie In Windows 10

When navigating online and downloading & executing applications, clicking on links, visiting websites that you're not familiar with and so forth, your computer Is vulnerable to being Infected with a virus. The last thing you need, Is to have your sensitive files compromised or hit with a nasty piece of malware. To prevent this, In this tutorial, I will show you how to safely perform all the above and more, by using a software named Sandboxie.

Create A Bootable USB Flash Drive

If you have a Bootable ISO Image file of the Windows operating system, obviously the Intention Is to burn It to disc and boot from your PC thereafter. However, optical drives are slowly being phased out In manufacturing & shipping of new computers, so what do you do from here? The alternative Is to create a bootable USB flash drive, and I will show you exactly how It's done. The process Is quite simple, yet a lot of users fail to grasp the concept.