Edit

ChangePIN method of the Win32_EncryptableVolume class

  • Article

The ChangePIN method of the Win32_EncryptableVolume class changes the PIN associated with an encrypted volume. If the "Allow enhanced PINs for startup" group policy is enabled, a PIN can contain letters, symbols, and spaces in addition to numbers.

Syntax

uint32 ChangePIN(
  [in] string VolumeKeyProtectorID,
  [in] string NewPIN
);

Parameters

VolumeKeyProtectorID [in]

Type: string

The unique string identifier used to manage an encrypted volume key protector.

NewPIN [in]

Type: string

A user-specified personal identification string. This string must consist of a sequence of 4 to 20 digits or, if the "Allow enhanced PINs for startup" group policy is enabled, 4 to 20 letters, symbols, spaces, or numbers.

Return value

Type: uint32

This method returns one of the following codes or another error code if it fails.

Return code/value Description
S_OK
0 (0x0)
 The method was successful.
FVE_E_BOOTABLE_CDDVD
2150694960 (0x80310030)
 A bootable CD/DVD is found in this computer. Remove the CD/DVD and restart the computer.
FVE_E_INVALID_PIN_CHARS
2150695066 (0x8031009A)
 The NewPIN parameter contains characters that are not valid. When the "Allow enhanced PINs for startup" Group Policy is disabled, only numbers are supported.
FVE_E_INVALID_PROTECTOR_TYPE
2150694970 (0x8031003A)
 The VolumeKeyProtectorID parameter does not refer to a key protector of the type "Numerical Password" or "External Key". Use either the ProtectKeyWithNumericalPassword or ProtectKeyWithExternalKey method to create a key protector of the appropriate type.
FVE_E_LOCKED_VOLUME
2150694912 (0x80310000)
 The volume is locked.
FVE_E_NOT_ACTIVATED
2150694920 (0x80310008)
 BitLocker is not enabled on the volume. Add a key protector to enable BitLocker.
FVE_E_POLICY_INVALID_PIN_LENGTH
2150695016 (0x80310068)
 The NewPIN parameter supplied is either longer than 20 characters, shorter than 4 characters, or shorter than the minimum length specified by Group Policy.
FVE_E_PROTECTOR_NOT_FOUND
2150694963 (0x80310033)
 The provided key protector does not exist on the volume.
TBS_E_SERVICE_NOT_RUNNING
2150121480 (0x80284008)
 No compatible Trusted Platform Module (TPM) is found on this computer.

 

Remarks

The ChangePIN method creates a new TPM and PIN protector based on the existing protector information and the newly provided PIN. The new protector will have the same GUID. The ChangePIN method can also be called to change the PIN of any key protector that uses a PIN, for example, TPM and PIN or TPM with PIN and USB.

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).

Requirements

Requirement Value
Minimum supported client
 Windows 7 Enterprise, Windows 7 Ultimate [desktop apps only]
Minimum supported server
 Windows Server 2008 R2 [desktop apps only]
Namespace
 Root\CIMV2\Security\MicrosoftVolumeEncryption
MOF
Win32_encryptablevolume.mof

See also

Win32_EncryptableVolume