How Can I Enable BitLocker?

1

I'm using Windows 10 Pro. Tried to turn on BitLocker on C:\ drive but I got the below error:

The startup options on the PC are configured incorrectly. Contact your system administrator for more information.

Since I am my system administrator I googled the error and found tips all over the place that I have to set Group Policy Enable use of BitLocker authentication requiring preboot keyboard input on slates under Local Computer Policy - Computer Configuration - Administrative Templates - Windows Components - BitLocker Drive Encryption - Operating System Drives to Enabled. I did that, reloaded the GP (even rebooted the PC several times). But I still get the same error when trying to enable BitLocker. I couldn't find anything else to help me troubleshoot the problem. How can I enable BitLocker?

EDIT:

Output of Get-BitLockerVolume C:

   ComputerName: MyPC

VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection
                Point                                   Percentage                           Enabled    Status
----------      ----- ---------- ------------           ---------- ------------              ---------- ----------
OperatingSystem C:        345.01 FullyDecrypted         0          {}                                   Off

EDIT2:

Tried to enable BitLocker from powershell, got the below error:

PS C:\Windows\system32> Enable-Bitlocker -MountPoint c: -RecoveryKeyPath "D:\Recovery\" -RecoveryKeyProtector
Add-TpmProtectorInternal : BitLocker Drive Encryption cannot be enabled on the operating system drive. Contact the
computer manufacturer for BIOS upgrade instructions. (Exception from HRESULT: 0x80310048)
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:2095 char:31
+ ...   $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
windows
windows-10
bitlocker
asked on Super User Jun 15, 2019 by amyassin • edited Jun 16, 2019 by amyassin

1 Answer

1

I believe it has something to do with TPM issues/BIOS issues. You (probably) can end up using a USB to decrypt it, hence not requiring a working TPM...

We ended up resetting BIOS defaults and rebuilding a bunch of machines with this error, which seem to have fixed it for them.

Painful, but seems to work.

Did this PC have 2 drives (c:\ & d:) ? Wondering if the extra partition is somehow borking it, but havent managed to narrow it down further

answered on Super User Nov 4, 2020 by user1237509

User contributions licensed under CC BY-SA 3.0