BitLocker Help / Advice

Josh Hallett 21 Reputation points
2025-04-15T15:55:26.1966667+00:00

Hi Everyone,

I have a customer who has to have BitLocker turned on, so we turned it on, but I can't seem to figure out why Server 2022 keeps asking for the password when it boots ... The only servers 2019 don't do that and have an option in the control panel for boot options ... Screenshot 2025-04-15 114435.jpg

So I need some advice / help to figure out how to get 2022 to boot without asking for the password.

Thoughts?

Windows for business | Windows Server | User experience | Other

1 answer

  1. Domic Vo 21,390 Reputation points Independent Advisor
    2025-08-10T06:39:43.3133333+00:00

    Dear Josh Hallett,

    Thank you for reaching out regarding the BitLocker behavior on your Windows Server 2022 system. I understand the concern — especially since your Server 2019 machines are booting without prompting for a password, while Server 2022 consistently asks for it.

    **Understanding the Behavior**

    By default, BitLocker requires authentication at boot if no compatible Trusted Platform Module (TPM) is available or properly configured. The difference you're seeing between Server 2019 and Server 2022 may be due to:

    **TPM Configuration or Availability**

    - Server 2019 may have TPM enabled and integrated with BitLocker, allowing seamless boot.
    - Server 2022 might not be detecting or using TPM correctly, hence prompting for a password.

    **Group Policy Settings**

    - BitLocker startup behavior is controlled via Group Policy. If Server 2022 lacks the correct policy configuration, it may default to password prompt.

    **Missing Boot Options UI**

    - The Control Panel option you mentioned in Server 2019 was part of the legacy BitLocker UI. In Server 2022, much of this has been moved to PowerShell or Group Policy.

    **Recommended Steps to Resolve**
    
    To allow Server 2022 to boot without prompting for a password, try the following:
    
    **Verify TPM Presence and Status**

    - Run tpm.msc to confirm TPM is present, enabled, and ready.
    - If TPM is available, ensure BitLocker is set to use it for authentication.

    **Configure Group Policy for BitLocker Startup**

    - Open gpedit.msc and navigate to: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
    - Set **"Require additional authentication at startup"** to **Enabled**, and check:
      - Allow BitLocker without a compatible TPM: **Unchecked**
      - Configure to use TPM only (no PIN or password)
    **Use PowerShell to Reconfigure BitLocker**

    If TPM is available, you can run:

    ```powershell
    # Add a TPM protector to the OS volume
    manage-bde -protectors -add C: -tpm
    # Remove the password protector (-delete selects protectors by -type)
    manage-bde -protectors -delete C: -type password
    ```

    - This removes the password protector and adds TPM-based authentication.
    
    **Check BIOS/UEFI Settings**

    - Ensure TPM is enabled and set to "Active" in the BIOS.
    - Secure Boot should also be enabled for full BitLocker integration.

    I hope this helps,

    Best regards,

    Domic Vo
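
The sequence from the answer above (confirm the TPM, add a TPM protector, then remove the password protector), written as an added PowerShell example that is not part of the original answer and is not Microsoft's own code. It assumes an elevated session and that the OS volume is C:, and it adds one safeguard the answer does not mention: a recovery password protector must exist before the password protector is removed.

```powershell
#Requires -RunAsAdministrator
# Added example: switch the OS volume from a password protector to a TPM protector,
# removing nothing until the replacement protector is confirmed present.
$ErrorActionPreference = 'Stop'
$mount = 'C:'   # assumption: the OS volume is C:, as in the answer

# Helper (name is illustrative): current key protectors on the volume.
function Get-Protectors { (Get-BitLockerVolume -MountPoint $mount).KeyProtector }

# 1. The TPM must be present and ready; otherwise leave the password in place.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not usable (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)). Check tpm.msc and firmware settings."
}

# 2. Show what unlocks the volume today.
Get-Protectors | Format-Table KeyProtectorType, KeyProtectorId

# 3. Added safeguard: keep a recovery path before changing protectors.
if (-not (Get-Protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    Write-Warning 'Added a recovery password protector. Record it somewhere off this server before continuing.'
}

# 4. Add the TPM protector if it is not already there.
if (-not (Get-Protectors | Where-Object KeyProtectorType -eq 'Tpm')) {
    Add-BitLockerKeyProtector -MountPoint $mount -TpmProtector | Out-Null
}

# 5. Re-read the volume and confirm the TPM protector before deleting anything.
if (-not (Get-Protectors | Where-Object KeyProtectorType -eq 'Tpm')) {
    throw 'TPM protector was not added; password protector left in place.'
}

# 6. Remove every password protector by its ID.
Get-Protectors | Where-Object KeyProtectorType -eq 'Password' | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $_.KeyProtectorId | Out-Null
}

# 7. Final state: expect Tpm and RecoveryPassword, and no Password entry.
Get-Protectors | Format-Table KeyProtectorType, KeyProtectorId
```

If step 4 fails, the script stops with the password protector untouched, so the server still boots the way it did before.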
