PIN and passwords

Requirements for BitLocker PINs and passwords are defined by Windows Group Policies, not by SafeGuard Enterprise settings.
Note: Passwords are only supported with Windows 8 or higher.

The relevant settings for passwords can be found in the Local Group Policy Editor (gpedit.msc):

Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Configure use of passwords for operating system drives and

Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives > Configure use of passwords for fixed data drives.

The settings can also be applied via Active Directory.

PINs usually consist of numbers only, but it is possible to allow the use of all keyboard characters (numbers, letters as well as special characters/symbols). The setting to allow these enhanced PINs can be found in the Local Group Policy Editor (gpedit.msc) under Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives:

If "Allow enhanced PINs for startup" is set to "enabled", enhanced PINs are allowed.

If "Allow enhanced PINs for startup" is set to "not configured", SafeGuard Enterprise will allow enhanced PINs.

If "Allow enhanced PINs for startup" is set to "disabled", enhanced PINs are not allowed.

Note: BitLocker supports the EN-US keyboard layout only. Therefore, users might have problems when entering enhanced PINs or complex passwords. Unless they changed their keyboard layout to EN-US before they specified their new BitLocker PIN or password, users may need to press a different key to what is displayed on their keyboard in order to enter the character they want. Therefore, before encrypting the boot volume, a reboot is performed to ensure that the user can enter the PIN or password correctly at boot time.