Windows BitLocker not offering unlock-by-password option

bitlockerpassword-protectionwindows 10

I have a problem in a single computer trying to do a process I've successfully done on another computers.

What I have successfully achieved on another computers:

  1. Have a non TPM compatible module featuring computer with Windows 10 Pro installed.
  2. Try to enable BitLocker on C:
  3. Windows complains about not having a compatible TPM module.
  4. Disable that requirement from Group Policy, reboot and retry.
  5. Through the BitLocker wizard, Windows asks you for the unlocking method, then I choose the one I prefer – password, which doesn't mean PIN nor USB drive -, then enter my custom password, then the wizard oblies me to save a recovery file somewhere, and it finally commits the options.
  6. The cyphering process goes on.
  7. At next boot, I must enter a password.

What is happening to me on a laptop with Windows 10:

  1. Try to enable BitLocker on C:
  2. Windows complains about not having a compatible TPM module.
  3. Disable that requirement from Group Policy, reboot and retry.
  4. Through the BitLocker wizard, Windows doesn't ask me for any unlocking method, it just goes to the screen where I must save a recovery file somewhere, and then it offers to commit the options.

I have no choice to choose password unlocking nor to enter any custom password, so I am not commiting the wizard. What can I do so Windows shows me the password input option? Am I doing anything wrong or different?

Lots of thanks in advance.

NOTE: please, the reason why I am preferring password unlocking is out of topic.

Best Answer

We'll actually look at a couple settings, make sure you have the following set, to completely disable TPM management and key use, and resort to password.

  1. Open gpedit.msc.
  2. Navigate to Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionOperating System Drives.
  3. Set the following policy options:
    1. Require additional authentication at startup:
      1. Enabled.
      2. Allow BitLocker without a compatible TPM: Checked
      3. Configure TPM startup: Do not allow TPM
      4. Configure TPM startup PIN: Require startup PIN with TPM
      5. Configure TPM startup key: Do not allow startup key with TPM
      6. Configure TPM startup key and PIN: Do not allow startup key and PIN with TPM
    2. Allow enhanced PINs for startup: Enabled
    3. Configure use of passwords for operating system drives:
      1. Enabled
      2. Configure password complexity for operating system drives: Allow password complexity

enter image description here enter image description here enter image description here

And for non-system drives, be sure to have the following checkbox set:

  1. Navigate to Fixed Data Drives.
  2. Configure use of passwords for fixed data drives
    1. Enabled
    2. Require password for fixed data drive: Checked

enter image description here

I think that about covers it. It should now give you the option for password input. It also should work with strong passwords, and at startup. Hope this helps!

Related Question