When allowed, these individuals can use their PKI credentials to unlock drives protected by BitLocker. Allow data recovery agent–Data recovery agents are individuals whose public key infrastructure (PKI) certificates are used to create a BitLocker key protector.System drives recovery options–Enable to set options for users to recover data from operating system drives protected by BitLocker.Pre-boot recovery options–Enable to set the recovery message or customize the URL provided on the pre-boot key recovery screen when the operating system drive is locked.TPM startup key and PIN–You can require both a startup key and a PIN.When this USB key is inserted into the device, access to the drive is authenticated and the drive is accessible. A startup key is a USB key with the information to encrypt the drive. TPM startup key–You can require users to authenticate with a TPM startup key to access a drive.You can also configure the minimum PIN length. TPM startup PIN–You can require a 6-digit to 20-digit PIN to be entered before startup.Configure TPM startup without a PIN or key–You can require TPM as startup authentication instead of a PIN or key.
#Turn off bitlocker windows 10 password
Allow BitLocker without a compatible TPM–Check the box to require either a password or a USB drive is required for startup.Additional startup authentication–Select whether BitLocker requires additional authentication each time the computer starts and specify if you’re using a Trusted Platform Module (TPM).Encryption option for system drives–Select the encryption method and the cipher strength of the key for operating system drives.