How Can I Enable BitLocker?

tag-icon tag-icon windows windows-10 bitlocker
How Can I Enable BitLocker?

I'm using Windows 10 Pro. Tried to turn on BitLocker on C:\ drive but I got the below error:

The startup options on the PC are configured incorrectly. Contact your system administrator for more information.

Since I am my system administrator I googled the error and found tips all over the place that I have to set Group Policy Enable use of BitLocker authentication requiring preboot keyboard input on slates under Local Computer Policy - Computer Configuration - Administrative Templates - Windows Components - BitLocker Drive Encryption - Operating System Drives to Enabled. I did that, reloaded the GP (even rebooted the PC several times). But I still get the same error when trying to enable BitLocker. I couldn't find anything else to help me troubleshoot the problem. How can I enable BitLocker?

EDIT:

Output of Get-BitLockerVolume C:

   ComputerName: MyPC

VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection
                Point                                   Percentage                           Enabled    Status
----------      ----- ---------- ------------           ---------- ------------              ---------- ----------
OperatingSystem C:        345.01 FullyDecrypted         0          {}                                   Off

EDIT2:

Tried to enable BitLocker from powershell, got the below error:

PS C:\Windows\system32> Enable-Bitlocker -MountPoint c: -RecoveryKeyPath "D:\Recovery\" -RecoveryKeyProtector
Add-TpmProtectorInternal : BitLocker Drive Encryption cannot be enabled on the operating system drive. Contact the
computer manufacturer for BIOS upgrade instructions. (Exception from HRESULT: 0x80310048)
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:2095 char:31
+ ...   $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal

答案1

I believe it has something to do with TPM issues/BIOS issues. You (probably) can end up using a USB to decrypt it, hence not requiring a working TPM...

We ended up resetting BIOS defaults and rebuilding a bunch of machines with this error, which seem to have fixed it for them.

Painful, but seems to work.

Did this PC have 2 drives (c:\ & d:) ? Wondering if the extra partition is somehow borking it, but havent managed to narrow it down further

相关内容