Windows 10: Users are getting error to Set Bitlocker Password Complexity, The password compexity is...

Also checked and verified secure boot is On, But we can't use TPM due to China region restrictions. We following MBAM_PIN policy only. BIOS also updated and set to defult still the error same. No change in GPO as well.

:)

 

Getting bitlocker to accept my valid passwords

I am not sure if this is the right place to post bitlocker issues but I was not able to find any forum titled encryption apps or similars so I have placed it here
======================================================
I have attempted to use BitLocker to encrypt a bootable win 10 pro (latest anniversary edition ver) drive on numerous occasions with a NON TPM group policy setup (“Require additional authentication at startup” setting has been enabled and the “allow BitLocker without a compatible TPM” option has been selected) which uses a USB drive or a password for drive entry after encryption is successful.

Unfortunately, I can never get to encrypt the drive because Bitlocker keeps on saying “incorrect password“ regardless of what VALID (and verified matched) password I setup with BitLocker. I have used 8 or more characters which included upper case chars, lowercase chars, numeric digits and even included non-alphanumeric chars like “$” etc.

I have also attempted very simple password cases like only using lower case chars and numbers etc. all without success. So basically, every conceivable valid password combination has been attempted.

These distinct simple and complex password iterations have been aligned with the following group policy selected options in order to make them acceptable to the Bitlocker system:

Within the group policy folders, I have set up the password policy for an operating system drive for a minimum length of 8 chars and have executed ALL the following distinct policy settings combinations:

[1] Enabled the “configure use of passwords for operating system drives” setting and have set up the password complexity setting to be “Do not allow password complexity”.

[2] Did not configure the password policy.

[3] Disabled the “configure use of passwords for operating system drives” setting.

I determined that executing any of the three cases above causes the “Password must meet complexity requirements” setting to be ignored EVEN if enabled. Therefore cases [1] through [3] cover “simple” password entry scenarios like entering only 8 lower case chars etc.

[4] Enabled the “configure use of passwords for operating system drives” setting and set up the password complexity setting to be “allow password complexity” in a system without domain controllers (my single user PC system). In this case, the complexity of the password requirement format is dependent on the whether the “password must meet complexity requirements” is enabled or not.

In case [4] when the “password must meet complexity requirements” setting was enabled the Bitlocker system prompted to me to enter more complex password entries lower case chars and upper case chars, numerical digits and non-alphabetic char combinations (three out of the four categories are required)

[5] The selection of the password complexity setting to “Require password complexity” was not a valid choice because I am on a single user PC system and therefore there are NO domain controllers to interface. Attempting this just yields a Bitlocker “no domain controllers complaint” at the point one is setting their password etc.

Therefore, regardless of any or all of the group policy combinations previously specified and used in conjunction with my related valid password entries, Bitlocker never gets to the encryption stage because it ALWAYS states “INCORRECT PASSWORD”.

I am hoping someone else has previously run into this very annoying case when setting up Bitlocker for a whole operating system drive encryption and can give me some guidance for resolution since in this password rejection state, you pretty much are going nowhere with Bitlocker.

I have already spent over six hours on this with enormous amounts of google searches leading nowhere.

My last closing “thinking out loud” comment at this point is,

[1] is there the possibility of an enabled default BitLocker group policy that precludes all and any valid passwords to be ignored or rejected by Bitlocker that needs to be disabled?

[2] Is there a Bitlocker related registry key setting that is precluding all valid passwords from being accepted by Bitlocker that needs to be modified?

Thanks ahead for any guidance on this matter.

 

Getting bitlocker to accept my valid passwords

I have attempted to use BitLocker to encrypt a bootable win 10 pro (latest anniversary edition ver) drive on numerous occasions with a NON TPM group policy setup (“Require additional authentication at startup” setting has been enabled and the “allow
BitLocker without a compatible TPM” option has been selected) which uses a USB drive or a password for drive entry after encryption is successful.

Unfortunately, I can never get to encrypt the drive because Bitlocker keeps on saying “incorrect password“ regardless of what VALID (and verified matched) password I setup with BitLocker. I have used 8 or more characters which included upper case chars,
lowercase chars, numeric digits and even included non-alphanumeric chars like “$” etc.

I have also attempted very simple password cases like only using lower case chars and numbers etc. all without success. So basically, every conceivable valid password combination has been attempted.

These distinct simple and complex password iterations have been aligned with the following group policy selected options in order to make them acceptable to the Bitlocker system:

Within the group policy folders, I have set up the password policy for an operating system drive for a minimum length of 8 chars and have executed ALL the following distinct policy settings combinations:

[1] Enabled the “configure use of passwords for operating system drives” setting and have set up the password complexity setting to be “Do not allow password complexity”.

[2] Did not configure the password policy.

[3] Disabled the “configure use of passwords for operating system drives” setting.

I determined that executing any of the three cases above causes the “Password must meet complexity requirements” setting to be ignored EVEN if enabled. Therefore cases [1] through [3] cover “simple” password entry scenarios like entering only 8 lower
case chars etc.

[4] Enabled the “configure use of passwords for operating system drives” setting and set up the password complexity setting to be “allow password complexity” in a system without domain controllers (my single user PC system). In this case, the complexity
of the password requirement format is dependent on the whether the “password must meet complexity requirements” is enabled or not.

In case [4] when the “password must meet complexity requirements” setting was enabled the Bitlocker system prompted to me to enter more complex password entries lower case chars and upper case chars, numerical digits and non-alphabetic char combinations
(three out of the four categories are required)

[5] The selection of the password complexity setting to “Require password complexity” was not a valid choice because I am on a single user PC system and therefore there are NO domain controllers to interface. Attempting this just yields a Bitlocker
“no domain controllers complaint” at the point one is setting their password etc.

Therefore, regardless of any or all of the group policy combinations previously specified and used in conjunction with my related valid password entries, Bitlocker never gets to the encryption stage because it ALWAYS states “INCORRECT PASSWORD”.

I am hoping someone else has previously run into this very annoying case when setting up Bitlocker for a whole operating system drive encryption and can give me some guidance for resolution since in this password rejection state, you pretty much are
going nowhere with Bitlocker.

I have already spent over six hours on this with enormous amounts of google searches leading nowhere.

My last closing “thinking out loud” comment at this point is,

[1] is there the possibility of an enabled default BitLocker group policy that precludes all and any valid passwords to be ignored or rejected by Bitlocker that needs to be disabled?

[2] Is there a Bitlocker related registry key setting that is precluding all valid passwords from being accepted by Bitlocker that needs to be modified?

Thanks ahead for any guidance on this matter.

.

 

How to get user message to be prompted while resetting windows password like password length and complexity

Hi Team,

We have set group policy password complexity and 18 character password. While we entered Ctrl +Alt+Del user password change window page we need the message to be prompted like 18 digit character with password complexity user need to set the password.

Thanks

veerendra