Changing Bitlocker PIN Without Admin Rights
Hi,

We enable Bitlocker encryption on laptops during an MDT 2010 build with a default PIN that the user types in when he receives the laptop. We would like the user to be forced to change the default PIN to their own alphanumeric PIN at first logon. The problem is that admin rights are required to change the PIN and our users are limited to standard user account rights.

I've been playing around with the EnableBitlocker.vbs script available on TechNet, but ideally we would like to drive the Manage Bitlocker UI, of course with elevated rights.

Has anyone else been faced with this obstacle? I understand that Microsoft designed the admin rights requirement by design, but they should have considered that most of their customers aren't going to give admin rights to all of their employees.

So here is the ask:

1: How to automate changing Bitlocker PIN after first-time user login
2: How to elevate the user rights to change the PIN
3: How to invoke the Manage Bitlocker UI instead of using EnableBitlocker.vbs

Thanks
RRT
Life Motto #1: "Live your life like you give a damn."
February 10th, 2010 7:16pm

Hi,

The Bitlocker PIN is very tricky to change and it needs the highest privilege. Here are some useful links to answer your questions:

- Change Bitlocker pin without Admin rights
- BitLocker Deployment Sample Scripts

Thanks,
Novak
February 17th, 2010 4:02am

This topic is archived. No further replies will be accepted.
