Allow enhanced PINs for startup
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.
Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker.
If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs.
Note: Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that the administrator evaluate if their systems are compatible with this feature prior to enabling its use.
Select the "Require ASCII-only PINs" check box to help make enhanced PINs more compatible with computers that limit the type or number of characters that can be entered in the pre-boot environment.
If you disable or do not configure this policy setting, enhanced PINs will not be used.
Supported on: At least Windows 7
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\FVE |
| Value Name | UseEnhancedPin |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |
Require ASCII-only PINs| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
| Value Name | OSEnhancedPINASCIIOnly |
| Value Type | REG_DWORD |
| Default Value | 1 |
| True Value | 1 |
| False Value | 0 |
bitlockermanagement.admx
- System
- App-V
- CEIP
- Client Coexistence
- Integration
- Publishing
- Reporting
- Scripting
- Streaming
- Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection
- Certificate Filter For Client SSL
- Enable Support for BranchCache
- Location Provider
- Package Installation Root
- Package Source Root
- Reestablishment Interval
- Reestablishment Retries
- Require Publish As Admin
- Specify what to load in background (aka AutoLoad)
- Verify certificate revocation list
- Virtualization
- App-V
- Windows Components
- MDOP MBAM (BitLocker Management)
- Client Management
- Fixed Drive
- Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
- Choose how BitLocker-protected fixed drives can be recovered
- Configure use of passwords for fixed data drives
- Deny write access to fixed drives not protected by BitLocker
- Encryption Policy Enforcement Settings
- Fixed data drive encryption settings
- Operating System Drive
- Allow enhanced PINs for startup
- Choose how BitLocker-protected operating system drives can be recovered
- Configure pre-boot recovery message and URL
- Configure TPM platform validation profile for BIOS-based firmware configurations
- Configure TPM platform validation profile for native UEFI firmware configurations
- Configure TPM platform validation profile
- Configure use of passwords for operating system drives
- Encryption Policy Enforcement Settings
- Operating system drive encryption settings
- Reset platform validation data after BitLocker recovery
- Use enhanced Boot Configuration Data validation profile
- Removable Drive
- Allow access to BitLocker-protected removable data drives from earlier versions of Windows
- Choose how BitLocker-protected removable drives can be recovered
- Configure use of passwords for removable data drives
- Control use of BitLocker on removable drives
- Deny write access to removable drives not protected by BitLocker
- Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
- Choose drive encryption method and cipher strength.
- Prevent memory overwrite on restart
- Provide the unique identifiers for your organization
- Validate smart card certificate usage rule compliance
- Microsoft User Experience Virtualization
- Applications
- Access 2013 backup only
- Calculator
- Common 2013 backup only
- Excel 2013 backup only
- InfoPath 2013 backup only
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Internet Explorer Common Settings
- Lync 2013 backup only
- Microsoft Access 2010
- Microsoft Access 2013
- Microsoft Excel 2010
- Microsoft Excel 2013
- Microsoft InfoPath 2010
- Microsoft InfoPath 2013
- Microsoft Lync 2010
- Microsoft Lync 2013
- Microsoft Office 365 Access 2013
- Microsoft Office 365 Common 2013
- Microsoft Office 365 Excel 2013
- Microsoft Office 365 InfoPath 2013
- Microsoft Office 365 Lync 2013
- Microsoft Office 365 OneNote 2013
- Microsoft Office 365 Outlook 2013
- Microsoft Office 365 PowerPoint 2013
- Microsoft Office 365 Project 2013
- Microsoft Office 365 Publisher 2013
- Microsoft Office 365 Visio 2013
- Microsoft Office 365 Word 2013
- Microsoft Office 2010 Common Settings
- Microsoft Office 2013 Common Settings
- Microsoft Office 2013 Upload Center
- Microsoft OneDrive for Business 2013
- Microsoft OneNote 2010
- Microsoft OneNote 2013
- Microsoft Outlook 2010
- Microsoft Outlook 2013
- Microsoft PowerPoint 2010
- Microsoft PowerPoint 2013
- Microsoft Project 2010
- Microsoft Project 2013
- Microsoft Publisher 2010
- Microsoft Publisher 2013
- Microsoft Visio 2010
- Microsoft Visio 2013
- Microsoft Word 2010
- Microsoft Word 2013
- Notepad
- OneNote 2013 backup only
- Outlook 2013 backup only
- PowerPoint 2013 backup only
- Project 2013 backup only
- Publisher 2013 backup only
- Visio 2013 backup only
- Word 2013 backup only
- WordPad
- Windows Apps
- Configure Sync Method
- Contact IT Link Text
- Contact IT URL
- Do not synchronize Windows Apps
- First Use Notification
- Ping the settings storage location before sync
- Settings package size warning threshold
- Settings storage path
- Settings template catalog path
- Synchronization timeout
- Synchronize Windows settings
- Sync settings over metered connections even when roaming
- Sync settings over metered connections
- Sync Unlisted Windows Apps
- Tray Icon
- Use User Experience Virtualization (UE-V)
- VDI Configuration
- Applications
- MDOP MBAM (BitLocker Management)
- Windows Components
- MDOP MBAM (BitLocker Management)
- Microsoft User Experience Virtualization
- Applications
- Access 2013 backup only
- Calculator
- Common 2013 backup only
- Excel 2013 backup only
- InfoPath 2013 backup only
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Internet Explorer Common Settings
- Lync 2013 backup only
- Microsoft Access 2010
- Microsoft Access 2013
- Microsoft Excel 2010
- Microsoft Excel 2013
- Microsoft InfoPath 2010
- Microsoft InfoPath 2013
- Microsoft Lync 2010
- Microsoft Lync 2013
- Microsoft Office 365 Access 2013
- Microsoft Office 365 Common 2013
- Microsoft Office 365 Excel 2013
- Microsoft Office 365 InfoPath 2013
- Microsoft Office 365 Lync 2013
- Microsoft Office 365 OneNote 2013
- Microsoft Office 365 Outlook 2013
- Microsoft Office 365 PowerPoint 2013
- Microsoft Office 365 Project 2013
- Microsoft Office 365 Publisher 2013
- Microsoft Office 365 Visio 2013
- Microsoft Office 365 Word 2013
- Microsoft Office 2010 Common Settings
- Microsoft Office 2013 Common Settings
- Microsoft Office 2013 Upload Center
- Microsoft OneDrive for Business 2013
- Microsoft OneNote 2010
- Microsoft OneNote 2013
- Microsoft Outlook 2010
- Microsoft Outlook 2013
- Microsoft PowerPoint 2010
- Microsoft PowerPoint 2013
- Microsoft Project 2010
- Microsoft Project 2013
- Microsoft Publisher 2010
- Microsoft Publisher 2013
- Microsoft Visio 2010
- Microsoft Visio 2013
- Microsoft Word 2010
- Microsoft Word 2013
- Notepad
- OneNote 2013 backup only
- Outlook 2013 backup only
- PowerPoint 2013 backup only
- Project 2013 backup only
- Publisher 2013 backup only
- Visio 2013 backup only
- Word 2013 backup only
- WordPad
- Windows Apps
- Configure Sync Method
- Do not synchronize Windows Apps
- Ping the settings storage location before sync
- Settings package size warning threshold
- Settings storage path
- Synchronization timeout
- Synchronize Windows settings
- Sync settings over metered connections even when roaming
- Sync settings over metered connections
- Use User Experience Virtualization (UE-V)
- VDI Configuration
- Applications