I've just been going through the BitLocker FAQ (http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx). To offer the appropriate level of protection, whole disk encryption with pre-boot authentication needs to be used. Having read the FAQ, unless I'm mistaken, BitLocker does not seems to support multi user pre-boot authentication unless USB flash drives are used to store "startup keys". Please can you clarify that this is the case? David Nudelman MVP: Windows Expert - IT Pro MCSE, MCTS: Vista, Windows 7, Exchange 2007 MCITP: Windows Server 2008 Web: http://geeks.ms/blogs/dnudelman

If you are talking about pre-boot authentication, you can use TPM+PIN as protector, but the PIN has to be shared between all the users who will use that machine. PIN is a numeric number and PIN length can be configured using the GPO. If you are already using TPM as a protector you can change the protector to TPM + PIN by using manage-bde command. I hope this helps.Manoj Sehgal

Hi, I am just writing to check the status of this thread. Was the information provided in previous reply helpful to you? Do you have any further questions or concerns? Please feel free to let us know. Regards, Alex Zhao TechNet Subscriber Support in forum If you have any feedback on our support, please contact tnmff@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Regards, Alex Zhao TechNet Subscriber Support in forum If you have any feedback on our support, please contact tnmff@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Here is some additional information for FIPS compliance. The company that I work for is considering using BitLocker but we are trying to determine how multiple users would login at the PBA screen or administrators for that matter. For example, as an administrator, would I need to ask the user for their PIN? Can multiple PIN's be used for authentication? http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1332.pdf