Hey everyone, I'm in the middle of rolling out BitLocker to around 300-400 devices at my company. I've managed to set some configurations like the PIN length through Group Policy, but currently, I'm calling each user to help them set their PIN while I'm remote. This process is taking way too long! Is there a way to push a generic PIN to all devices, so it prompts users to change it later? Just a heads up, we don't have SCCM, Intune, or any Windows tools specifically for BitLocker management, which complicates things.
2 Answers
You can actually enable BitLocker with a PIN using PowerShell and assign a generic or specific PIN for each device. However, you’ll need a deployment tool for that. If you've just got PDQ Connect, set it up and create a package to push out the BitLocker settings to all machines. It might save you a ton of trouble!
Honestly, you might be overcomplicating things. It's great that you're taking this on, but managing BitLocker PINs for so many users could get messy. Instead of a generic PIN, consider whether you actually need that requirement at all. If the data is backed up to Active Directory, you might get away with just using the encryption key without the extra PIN hassle. Just a thought!
That's a good point! We didn't require an extra PIN when we implemented BitLocker, just relied on auto-backup to AD. It made life so much easier.
Awesome, I'm working on getting PDQ connected to all devices. So, I just make this a package and deploy it, right?
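
As an added example (not code from any of the posters), the PowerShell approach mentioned in the first answer could look like the script below, written to be wrapped in a deployment package and run elevated on each machine. The `-InitialPin` parameter and the choice to escrow the recovery password to AD before encryption starts are assumptions of this example; it also assumes Group Policy already allows TPM+PIN at startup and the machine can reach a domain controller.

```powershell
#Requires -RunAsAdministrator
# Added example: enable BitLocker with a TPM+PIN protector on the OS volume and
# back up the recovery password to AD DS before protection is turned on.
param(
    # Assumption: the deployment tool supplies the initial PIN as an argument.
    # It will appear in that tool's package definition and logs, so treat it
    # as a temporary value only.
    [Parameter(Mandatory)][string]$InitialPin,
    [string]$MountPoint = $env:SystemDrive
)
$ErrorActionPreference = 'Stop'   # any failure aborts before encryption starts

# Make the package safe to re-run: skip machines that are already protected.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -eq 'On') {
    Write-Output "$($env:COMPUTERNAME) $MountPoint already protected, nothing to do"
    exit 0
}

# TPM+PIN needs a TPM that is present and ready for use.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not present or not ready; TPM+PIN cannot be configured"
}

# Add a recovery password if the volume has none, then back it up to AD DS.
# With ErrorActionPreference = Stop, a failed backup (for example no line of
# sight to a domain controller) stops the script before the PIN is set.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
}
foreach ($kp in $recovery) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
}

# Enable BitLocker with the TPM+PIN protector; -Pin requires a SecureString.
$securePin = ConvertTo-SecureString $InitialPin -AsPlainText -Force
Enable-BitLocker -MountPoint $MountPoint -UsedSpaceOnly -TpmAndPinProtector -Pin $securePin | Out-Null

# Report the resulting state so the deployment tool's output shows what happened.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ',' } }
```

Users can replace the initial PIN afterwards with `manage-bde -changepin C:`.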