Forum Discussion
Bitlocker setup the max attemps before need the recovery code
I'm trying to configure Bitlocker with GPO for Windows 11 H2 workstations. My need : after 4 wrong PIN code entered, the user must enter the recovery code. I've tried these GPO, without success ...
By default, BitLocker allows a maximum of 32 attempts to enter the correct PIN or password before requiring the recovery key. After these 32 attempts, the system will lock out further attempts and prompt for the recovery key to unlock the drive. Users can configure this threshold using Group Policy settings to a lower number of attempts if needed
NguyenaisThanks for your message.
As mentioned previously, I already tried the rules dedicated to the TPM :
Computer Configuration > Administrative Templates > System > Trusted Platform Module Services
- Standard User Individual Lockout Threshold : Enabled
- Maximum number of authorization failures per duration = 4
- Standard User Total Lockout Threshold : Enabled
- Maximum number of authorization failures per duration = 4
Can you tell me which GPO rules should i use?