Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Windows 11



This tutorial will show you how to enable or disable BitLocker to unlock the operating system drive at startup with a PIN or USB flash drive in Windows 10 and Windows 11.

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

New files are automatically encrypted when you save them to a drive encrypted by BitLocker. However, if you copy these files to another drive or a different PC not encrypted by BitLocker, the files are automatically decrypted.

BitLocker checks the PC during startup for any conditions that could represent a security risk (for example, a change to the BIOS software that starts the operating system when you turn on your PC, or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and you'll need a special BitLocker recovery key to unlock it.

By default in Windows 11, BitLocker automatically unlocks an OS drive encrypted by BitLocker with TPM at startup.

You can enable the "Require additional authentication at startup" policy to allow BitLocker to unlock the operating system drive with a PIN or USB flash drive.


You must be signed in as an administrator to enable or disable BitLocker to unlock the OS drive at startup with PIN and USB.

If you disable BitLocker to unlock the OS drive at startup with a PIN or USB when the OS drive is already set to unlock at startup with a PIN or USB, you will still be able to continue to unlock the OS drive at startup with the PIN or USB until you change to let BitLocker automatically unlock the OS drive with TPM.

If you enable BitLocker to unlock the OS drive at startup with a PIN or USB, it will add "Change how drive is unlocked at startup" to the BitLocker Manager operating system drive settings in Control Panel > BitLocker Drive Encryption.



Contents

  • Option One: Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Local Group Policy Editor
  • Option Two: Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB using REG file


EXAMPLE: Change how drive is unlocked at startup

Choose_how_to_unlock_your_drive_at_startup-1.png
Choose_how_to_unlock_your_drive_at_startup-2.png





Option One

Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Two.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

BitLocker_OS_gpedit-1.png

3 In the right pane of Operating System Drives in the Local Group Policy Editor, double click/tap on the Require additional authentication at startup policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.

5 Enable BitLocker to Unlock OS drive at Startup with PIN and USB

A) Select (dot) Enabled. (see screenshot below)

B) Uncheck the Allow BitLocker without a compatible TPM box under Options, and click/tap on OK.

C) Leave all settings under Options set to the default Allow.

D) Click/tap on OK, and go to step 7 below.

BitLocker_OS_gpedit-2.png

6 Disable BitLocker to Unlock OS drive at Startup with PIN and USB

This is the default setting.


A) Select (dot) Not Configured. (see screenshot below)

B) Click/tap on OK, and go to step 7 below.

BitLocker_OS_gpedit-3.png

7 You can now close the Local Group Policy Editor if you like.




Option Two

Enable or Disable BitLocker to Unlock OS drive at Startup with PIN and USB using REG file


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.

2 Enable BitLocker to Unlock OS drive at Startup with PIN and USB

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_BitLocker_unlock_OS_drive_at_startup_with_PIN_and_USB.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000000
"UseTPM"=dword:00000002
"UseTPMPIN"=dword:00000002
"UseTPMKey"=dword:00000002
"UseTPMKeyPIN"=dword:00000002

3 Disable BitLocker to Unlock OS drive at Startup with PIN and USB

This is the default setting.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_BitLocker_unlock_OS_drive_at_startup_with_PIN_and_USB.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=-
"EnableBDEWithNoTPM"=-
"UseTPM"=-
"UseTPMPIN"=-
"UseTPMKey"=-
"UseTPMKeyPIN"=-

4 Save the .reg file to your desktop.

5 Double click/tap on the downloaded .reg file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink
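
A read-only way to confirm what the policy or REG file above actually set, and which key protectors the OS drive currently carries, as an added PowerShell example that is not part of the original tutorial. The page only shows 2 = Allow; the 0 = Do not allow and 1 = Require meanings are the other two choices in the policy's drop-down lists. Run it from an elevated PowerShell session.

```powershell
# Added example, not part of the tutorial. Read-only: it changes nothing.

$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$names   = 'UseAdvancedStartup', 'EnableBDEWithNoTPM',
           'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'

# 2 = Allow is what the enable REG file writes. 0 and 1 are the other two
# choices in each of the policy's drop-down lists.
$choice = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

# The key, or any value in it, is absent when the policy is Not Configured.
$policy = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue

$report = foreach ($name in $names) {
    $raw = if ($policy) { $policy.$name } else { $null }
    $meaning = if ($null -eq $raw) {
        'Not configured'
    } elseif ($name -in 'UseAdvancedStartup', 'EnableBDEWithNoTPM') {
        # These two are on/off switches rather than Allow/Require lists.
        if ($raw -eq 1) { 'Enabled' } else { 'Disabled' }
    } elseif ($choice.ContainsKey([int]$raw)) {
        $choice[[int]$raw]
    } else {
        "Unexpected data: $raw"
    }
    [pscustomobject]@{ Value = $name; Data = $raw; Meaning = $meaning }
}
$report | Format-Table -AutoSize

# A startup PIN can be configured only when the policy is enabled and the
# TPM + PIN choice is Allow (2) or Require (1).
$pinAllowed = [bool]($policy -and $policy.UseAdvancedStartup -eq 1 -and
                     $policy.UseTPMPIN -in 1, 2)
Write-Host "Policy permits a startup PIN: $pinAllowed"

if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    Write-Host "Protection status: $($vol.ProtectionStatus)"
    Write-Host "Key protectors on $($env:SystemDrive): $($types -join ', ')"

    if ($types -contains 'TpmPin') {
        Write-Host 'A TPM + PIN protector is set: the PIN prompt appears at startup.'
        if (-not $pinAllowed) {
            # Matches the tutorial's note: removing the policy does not remove
            # a PIN that is already configured on the drive.
            Write-Warning 'Policy no longer permits a PIN, but the existing PIN stays in use until you switch back to automatic TPM unlock.'
        }
    } elseif ($types -contains 'Tpm') {
        Write-Host 'TPM-only protector: the drive unlocks automatically at startup.'
    }

    # The recovery key is the fallback if the PIN cannot be entered at boot.
    if ($types -notcontains 'RecoveryPassword') {
        Write-Warning 'No recovery password protector found. Back up a recovery key before changing how the drive is unlocked.'
    }
} else {
    Write-Warning 'Get-BitLockerVolume is not available on this system.'
}
```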


 

Correct. I only have the USB option, and no PIN.

It does say Slate.

usb-webp.119714

Thanks Shawn. So that's a weird difference per se.
OK, I can set a PIN when both GPOs are enabled as I described.
If I did so, and rebooted I would expect to see the BitLocker PIN blue screen.

Key question: if I cannot then use the Surface's own keyboard to enter that PIN, have I rendered my PC unusable?
 

My Computer

System One

  • OS
    windows 11
    Computer type
    Laptop

If it lets you set up a PIN to unlock the BitLocker OS drive at startup, you should be fine.

Worst case, clean install using USB at boot.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender

That's where my knowledge fails re clean install using USB at boot. I don't know how to do that. I don't have any installation media. I have no idea how to restore the Surface to as it was when I purchased it from Microsoft.

Separately, are you able to raise this issue with Microsoft?

I'm still confused why you didn't get the PIN option like I did when setting both GPOs. We appear to be using exactly the same spec for our Surface 7 laptops.
 


You can download the Surface factory recovery image for your model like below at Microsoft to create and use a USB with.


I'm not sure why I don't have a PIN option and you do either for the same laptop. 🤷‍♂️
 

Thank you.
Having upgraded my Surface to Windows Pro and paying to do so, if I have to clean install back to Windows 11 Home will Microsoft allow me to change the key to my Windows Pro key? Because of course the latter is in use on the Surface which would be wiped.
 


Yes, you would be able to upgrade back to Pro by just changing the product key to the Pro key.

If the PIN to unlock the BitLocker OS drive should fail, you should have an option to unlock using the BitLocker Recovery Key. Be sure to have this on standby to be extra safe.

 


The thing is I will have enabled the GPO “Enable use of BitLocker authentication requiring preboot keyboard input on slates”. That policy says you must have an alternative means of inputting such as a USB keyboard. This is why I am so concerned as to whether the Surface keyboard itself will work or not. Because if it does not, then I will not be able to type anything at all, regardless of what might appear.


Also, if I have to clean boot install, and BitLocker is of course active on the operating system drive, does the TPM realise that a clean install has taken place and forget anything about PINs et cetera?
 


I don't think you'll have an issue if it lets you set up a PIN to unlock BitLocker with, and enable the “Enable use of BitLocker authentication requiring preboot keyboard input on slates” GPO.

A clean install or factory recovery will wipe the BitLocker drive so you can reinstall if you are unable to unlock the BitLocker drive to access it. BitLocker is just a gatekeeper to protect access to the data on the drive. You'll always be able to wipe the drive to start over.
 

  1. Thank you Shawn. I have now created a Recovery Drive and as instructed by Microsoft cleared the "Clear the Back up system files to the recovery drive check box and then select Next." Was that correct?
  2. Is there a way for me to test that my Recovery Drive is verified good to go?
  3. I have a digital license for the upgrade in place I did from Windows 11 to Windows 11 Pro. So I do not have a Product Key. If I have to use the Recovery Drive to revert to Home, how do I say "I have a digital license, please use it" as it were to get back to Pro?
 


You could test it by booting from the USB to see if it'll boot to Windows Setup. You can just close Windows Setup to cancel, and boot to Windows.

 


OK, will do. And do you know the answers to 1 and 3 in my previous post? Sorry to go on but I like to be very thoroughly prepared with a fallback plan before I do anything ;-) . It has served me well!
 

Q1) That is correct from the steps below.


Q3) Since the Home key is embedded in the firmware, Windows Setup will most likely autodetect and use it to activate with. It's not a problem though. Once setup and installation has finished, you can just change the product key to the Pro key to quickly upgrade from Home to Pro like below.

 



Shawn, I have succeeded in enabling the BitLocker Start Up PIN screen to appear. I would like to thank you for your wonderful help on all this. I really appreciate it. I am going to summarize below how I got this to work (fingers crossed!).

Perhaps you know a better place to post the process somewhere so others may find it.

Finally, I do wonder whether Microsoft should be made aware of this issue?


How to Enable a BitLocker Startup PIN on a Microsoft Surface 7 Laptop in Windows 11 Pro

System Specs

OS Name: Microsoft Windows 11 Pro
Version: 10.0.26100 Build 26100
OS Manufacturer: Microsoft Corporation
System Model: Microsoft Surface Laptop, 7th Edition
System Type: ARM64-based PC
Processor: Snapdragon(R) X 12-core X1E80100 @ 3.40 GHz, 3417 Mhz, 12 Core(s), 12 Logical Processor(s)
BIOS Version/Date: Microsoft Corporation 169.105.235, 07/11/2024
  1. Read all the posts between Shawn and myself here to understand the problem I was encountering.
  2. You are strongly advised to create a USB Recovery Disk as per these posts.
  3. Using an Admin Account do the following.
  4. Run gpedit.msc and navigate to the location in the attached file named "GroupPoliciesThatMustBeEnabled.png"
  5. All these three policies must be enabled.
  6. For the group policy named "Require Additional Authentication at Startup", set the policy as in the attached "RequireAdditionalAuthenticationAtStartup.png"
  7. Open an elevated Command Prompt
  8. Enter gpupdate /force and press Enter
  9. Launch the Control Panel and launch BitLocker Drive Encryption.
  10. You should then be able to see an option "Change how drive is unlocked at startup"
  11. You should then see "Enter a PIN (recommended)", click on that.
  12. Enter your chosen PIN
  13. Reboot the PC and you should see the BitLocker blue screen prompting you for your password.
 

Attachments

  • GroupPoliciesThatMustBeEnabled.webp
  • RequireAdditionalAuthenticationAtStartup.webp

Great news @BirendraN. :shawn:

The only difference is I'm running the latest Insider Dev build on it instead.
 
