BitLocker refuses to enable

Question

Windows 10 Pro on Dell Optiplex 5040

Domain-joined

No TPM

I have tried repeatedly to enable BitLocker on this machine and all attempts have failed. The majority of suggestions point me to gpedit.msc > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup (and be sure "Allow BitLocker without a compatible TPM" option is checked). The option is checked and the GPO enabled, however, I still receive the error "This device can't use a Trusted Platform Module. Your administrator must set the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes."

We don't have any other computers with this issue, though, to be fair, this is one of the only computers without TPM. What else can be done?

Answer 1

This is definitely an odd one.

I would remove and readd the machine to the domain.

When policies don't want to take I normally try that.

Answer 2

SarahKong: Inserting a flash drive would help if I could at least get past the error that the GPO isn't set. Step 1 (Enable BitLocker) in the article you specified is where my issue lies ... I can't even turn on BitLocker. Step 3 is where the flash drive would come into play, but I can't get past step 1.

Andrea Da Costa: We don't set these GPOs in our domain, and I've tried gpupdate /force and a reboot to no effect.

Answer 3

Open Start, type: CMD

Right click CMD

Click Run as administrator

Type in at the prompt OR Copy and Paste these one at a time : (Hit enter after each)

gpupdate /force

I would also recommend you restart your computer after executing this command.

Answer 4

Do you have a USB flash drive attached to the PC?

You will need that to store the PIN in hash.

see the blog below for detailed steps.

https://blogs.technet.microsoft.com/hugofe/2010...

Let me know if that works.