The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to configure use of Passwords for Fixed Data Drives in BitLocker

Download Windows Speedup Tool to fix errors and make PC run faster

If you want to set various policies to use a password for fixed data drives of BitLocker in Windows 11 or Windows 10, here is how you can do that. You can configure the use of passwords for BitLocker fixed data drives using Local Group Policy Editor and Registry Editor. It is possible to enable or disable passwords for fixed data drives, password complexity, and minimum password length using this guide.

How to configure use of Passwords for Fixed Data Drives in BitLocker

To configure use of passwords for fixed data drives, follow these steps:

  1. Search for gpedit in the Taskbar search box.
  2. Click on the search result.
  3. Go to BitLocker Drive Encryption > Fixed Data Drives in Computer Configuration.
  4. Double-click on the Configure use of passwords for fixed data drives setting.
  5. Choose the Enabled option.
  6. Tick the Require password for fixed data drive 
  7. Set the password complexity.
  8. Choose the minimum length of password for fixed data drive.
  9. Click the OK button.

Let’s delve into these steps in detail.

To get started, search for gpedit or gpedit.msc in the Taskbar search box and click on the individual search result to open the Local Group Policy Editor on your computer. Then, navigate to this path:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives

On the right-hand side, you can see a setting named Configure use of passwords for fixes data drives. You need to double-click on this setting and choose the Enabled option.

How to configure use of Passwords for Fixed Data Drives in BitLocker

Next, you have three options to set up:

  • Require password for fixed data drive: You can tick the checkbox to enable.
  • Choose a password complexity setting.
  • Select the minimum password length.

Finally, click the OK button to save the change.

How to configure use of passwords for fixed data drives using Registry

To configure use of passwords for fixed data drives using Registry, follow these steps:

  1. Press Win+R > type regedit and click the OK button.
  2. Click the Yes button.
  3. Go to Microsoft in HKLM.
  4. Right-click on Microsoft > New > Key and name it FVE.
  5. Right-click on FVE > New > DWORD (32-bit) Value.
  6. Set the name as FDVPassphrase.
  7. Double-click on it to set the Value data as 1.
  8. Repeat these steps to create three more REG_DWORD values.
  9. Name them as FDVEnforcePassphrase, FDVPassphraseComplexity, and FDVPassphraseLength.
  10. Set the Value data of FDVPassphrase as 1.
  11. Set the Value data of FDVPassphraseLength anything from 6 to 20.
  12. Set the Value data of FDVPassphraseComplexity as 0, 1, or 2.
  13. Restart your computer.

Let’s find out more about these steps.

First, press Win+R to open the Run prompt, type regedit, click the OK button, and click on the Yes option to open the Registry Editor. Then, go to this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

Right-click on Microsoft > New > Key and set the name as FVE.

How to enforce BitLocker drive encryption for removable data drives

Right-click on FVE > New > DWORD (32-bit) Value and name it as FDVPassphrase.

How to enforce BitLocker drive encryption for removable data drives

Double-click on it and set the Value data as 1.

How to configure use of passwords for fixed data drives

Then, you need three more REG_DWORD values:

  • FDVEnforcePassphrase: 1 to enable
  • FDVPassphraseComplexity: 0/1/2
  • FDVPassphraseLength: 6 to 20

Then, double-click on each REG_DWORD value and set the Value data as mentioned above.

Finally, close all windows and restart your computer.

Read: How to change BitLocker PIN in Windows 11/10

How can we enforce BitLocker encryption?

To enforce BitLocker encryption in Windows 11/10, you need to use a PIN or password for the protected drive. For that, you can use Control Panel, Command Prompt, Windows PowerShell, or Windows Terminal. In the Windows Terminal, you need to use this command: manage-bde -changepin C:.

How do I enable Require additional authentication at startup?

To enable the Require additional authentication at startup for BitLocker, you need to use the Local Group Policy Editor. For that, go to the BitLocker Drive Encryption > Operating System Drives. Double-click on the Require additional authentication at startup setting and choose the Enabled option. Then, expand the drop-down menu and choose Require start PIN with TPM option. Click the OK button to save the change.

That’s all! Hope it helped.

Read: Specify Minimum Length for BitLocker Startup PIN in Windows 11/10.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *