Fix Group Policy do not permit the user of PIN at startup

Recently one user reported that he was facing an error while encrypting the Hard Disk on his laptop, he received the following error “Group Policy settings do not permit the use of a PIN at startup. Please choose a different BitLocker startup option” (Error Code: 0x80310060). During the troubleshooting we were unable to encrypt the drive using the Command or PowerShell, the error indicates, that as per the organization policy Enabling Bitloker PIN at startup is not allowed. By default, Using BitLocker PIN at the startup is disabled by Windows Group Policy, to resolve this issue, you can enable the Local Policy Settings, or you can use a different BitLocker Startup Option. I have used option two in this article (How to Enable Bitlocker using PowerShell in Windows 11) to resolve this issue. In this article, we’ll see how to resolve this issue, by enabling the Group Policy settings. This article will guide you to Fix Group Policy do not permit the user of PIN at startup.

Fix Group Policy do not permit the user of PIN at startup:

So, this error only occurs when you try to Enable Bitlocker PIN at the startup, TPM and PIN protector together cause this issue, if you don’t want the PIN protector at the start-up, then use a different method to encrypt the drive. Check the link to enable the Bitlocker without the PIN protector. Or you have to enable the Local Group Policy Setting to configure TPM startup PIN.

Open Run command by pressing Windows + R and type gpedit.msc and hit enter, this command will open the Group Policy Editor.

Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives

From the left-hand side Click on the Operating System Drives folder, and from the right-hand side check for Require additional authentication at startup.

Double-click on Open the Policy Settings, and Choose Enabled. Click on Apply and OK.