Allow BitLocker without a compatible TPM" error mesage, can't encrypt c drive with BitLocker

Question

Need registry editing detail to allow win11 to run bitlocker.
At the moment it is refusing to recognise that the TPM is v2 and throwing this error:
"This device cannot use a Trusted Platform Module." etc.

OS is Win11 Pro 23H2 64Bit
AV software is ESET Endpoint.
Using GP is not an option.

Answer 1

Hi Nick Coe Open the Registry Editor by pressing Win + R, typing regedit, and hitting Enter. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM and check for an entry named OSAttr. If it's not there, create a new DWORD (32-bit) Value named OSAttr and set its value to 1.

Below are similar docs I found plz have a read.

https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm https://answers.microsoft.com/en-us/windows/forum/all/tpm-20-not-being-recognized-by-windows-11/2ca4cd49-5717-42e7-b89c-201f87dac41f

If this helps kindly accept the answer thanks much.

Answer 2

Hi @Nick Coe

You can use Group policy or registry key to enable Bitlocker without TPM. But the user should have recovery key to restart his machine:

How to turn on Microsoft BitLocker Drive Encryption without a TPM (Trusted Platform Module)

https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.VolumeEncryption::ConfigureAdvancedStartup_Name

Please don't forget to accept helpful answer

Answer 3

Hello,

See if this fix helps you (works with Windows 11):

https://www.kapilarya.com/fix-this-device-cant-use-a-trusted-platform-module-for-bitlocker-in-windows-10

Let us know if this helps!

Note: Included link in this reply refers to blog post by a trusted Microsoft MVP.