Today’s tip…

While it still requires administrative privileges to configure BitLocker, with Windows 8, standard users can now by default change their own PIN/Password.  It is recommended that this be used in conjunction with the ‘Configure use of passwords’ GPO setting to enforce length and complexity.

One thing this means for enterprises is that they will be able to do their Windows deployments all with the same PIN/Password and allow their users to change it post-installation.

By default, this feature is included in Windows 8.

If you do not want this feature, then you can enable a GPO to Computer Configuration\Administrative Templates\BitLocker Drive Encryption\Operating System Drive \Disallow Standard Users to change PIN or Password.