I mean, if it’s a corporate device then it’s really a policy IT should be setting - this can be easily be done via a GPO or Intune policy, where an elevated script can prompt the end-user for a password.
Yarp. And when they forget it we use the 48 numerical recovery key found using the recovery ID that shows on the screen when you hit escape (from the bitlocker screen)
I’m talking about letting the user change their own password. I’m honestly not sure how that would be technically accomplished in this situation without having to contact IT each time. It seems like something Microsoft should provide a no-frills GUI for that doesn’t require elevation.
FYI: You can set it to require a PIN + TPM, or even just a password eg using
manage-bde -on c: -password.https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-on
Thanks, that sounds really useful. I’m guessing it won’t work unless you’re local admin though.
Yep, you’ll need local admin of course.
Which kind of makes it useless in many corporate environments where it’s most needed, since the users won’t be able to set their own password.
I mean, if it’s a corporate device then it’s really a policy IT should be setting - this can be easily be done via a GPO or Intune policy, where an elevated script can prompt the end-user for a password.
Yarp. And when they forget it we use the 48 numerical recovery key found using the recovery ID that shows on the screen when you hit escape (from the bitlocker screen)
deleted by creator
I’m talking about letting the user change their own password. I’m honestly not sure how that would be technically accomplished in this situation without having to contact IT each time. It seems like something Microsoft should provide a no-frills GUI for that doesn’t require elevation.
deleted by creator