diff --git a/Group Policies Objects/Bitlocker.md b/Group Policies Objects/Bitlocker.md
index 74e3b16..15e7649 100644
--- a/Group Policies Objects/Bitlocker.md	
+++ b/Group Policies Objects/Bitlocker.md	
@@ -8,6 +8,7 @@ Choose drive encryption method and cipher strength-> Enable -> XTS-AES 256-bit f
 
 ## Operating System Drives
 
+- Disallow standard users from changing the PIN or password -> Enabled
 - Require additional authentication at startup -> Enabled -> Do not allow TPM, Allow startup PIN with TPM, Do not allow startup key with TPM, Allow startup key and PIN with TPM. (**This is especially important as we do not want the TPM to automatically release the encryption key at boot.**)
 - Allow enhanced PINs for startup -> Enabled.
 - Configure TPM platform validation profile for native UEFI firmware configurations -> Enabled -> PCR 0,1,2,3,3,4,5,6,7,11
\ No newline at end of file