BitLocker: set the max attempts before the recovery code is needed
I’m trying to configure BitLocker with GPO for Windows 11 H2 workstations.
My need: after 4 wrong PIN codes are entered, the user must enter the recovery code.
I’ve tried these GPOs, without success:
Computer Configuration > Administrative Templates > System > Trusted Platform Module Services
Standard User Individual Lockout Threshold: Enabled
Maximum number of authorization failures per duration = 4
Standard User Total Lockout Threshold: Enabled
Maximum number of authorization failures per duration = 4
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drivers
Allow enhanced PINs for startup: Enable
Configure minimum PIN length for startup: Enabled
Minimum characters = 8
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Interactive logon: Machine account lockout threshold = 4
With PowerShell:
Get-Tpm
LockoutHealTime = 10 minutes
LockoutMax = 31
Clear-Tpm
LockoutHealTime = 2 hours
LockoutMax = 10
I don’t understand why the TPM value (lockoutMax) is 31. I want it to equal 4. Where am I wrong?
Thanks in advance