Can't add password not pin protection to TPM device with BitLocker

1

I have to activate BitLocker on a TPM device with password.

The first thing I did was to activate “Require Additional Authentication at Startup” from the GPO. Then I right clicked C: to activate BitLocker. The first step on a BitLocker activation is to choose the way BitLocker decrypts the device. In my case it immediately jumped to choosing a way to back up the recovery key. I saved the file and encrypted it.

I typed manage-bde -protectors -get c: to see the key protectors and there was only TPM. Then to add a PIN I typed manage-bde -protectors -add c: -TPMandPIN. This got me the following error code: 0x80310060 saying the GPO does not allow use of PIN at startup, although “Require Additional Authentication at Startup” is activated. I tried fixing it by activating other GPOs, didn't work.

I moved on with manage-bde -protectors -add c: -pw to give BitLocker a password at startup. I got error code 0x8031006a saying that the GPOs don't allow the creation of passwords. For this I enabled all password GPOs for BitLocker and nothing worked.

I followed tutorials without success. I deactivated TPM from Windows and the BIOS. When I tried to enable BitLocker it said that TPM will be activated after the operation and so on. I even removed the back to try and take out the TPM, sadly couldn't see it.

Is there anything else for me to do to solve this? Thanks for help in advance.

windows
encryption
password-protection
bitlocker
asked on Stack Overflow Nov 19, 2019 by user12398266 • edited Nov 19, 2019 by user12398266

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0