New-CMEnhancedPIN
Create a policy to configure whether BitLocker can use enhanced startup PINs.
Syntax
New-CMEnhancedPIN
[-PolicyState <State>]
[-RequireAsciiOnlyPin]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]Description
Create a policy to configure whether BitLocker can use enhanced startup PINs. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker.
Not all computers support enhanced PINs in the pre-boot environment. Before you enable this policy, evaluate if your devices are compatible with it. Use the -RequireAsciiOnlyPin parameter to help make enhanced PINs more compatible with computers that limit the type or number of characters that you can enter in the pre-boot environment.
Examples
Example 1: New default enabled policy
This example creates a policy that's enabled to allow enhanced PINs for startup.
New-CMEnhancedPIN -PolicyState EnabledExample 2: New enabled policy with ASCII-only PIN
This example creates a policy that's enabled but restricts PINs to the ASCII character set.
New-CMEnhancedPIN -PolicyState Enabled -RequireAsciiOnlyPinParameters
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PolicyState
Use this parameter to configure the policy.
Enabled: If you enable this policy, all new BitLocker startup PINs will be enhanced PINs.DisabledorNotConfigured: If you disable or don't configure this policy, BitLocker won't use enhanced PINs.
| Type: | State |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RequireAsciiOnlyPin
Use this parameter to help make enhanced PINs more compatible with computers that limit the type or number of characters that you can enter in the pre-boot environment.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject
Related Links
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for