Starting BitLocker dialog box displays: "The Group Policy settings for BitLocker startup options are in conflict and cannot be applied."
I had BitLocker enabled on the C: drive on my PC with the TPM enabled in the BIOS and it worked, but I could not get it to wirk with TPM and a PIN. I had changed the Group Policy "Allow additional authentication at startup" to Allow TPM and Require startup PIN with TPM, and run:
manage-bde -protectors -delete C: -type tpm
manage-bde -protectors -add C: -TPMandPIN
Nothing worked - every combination I tried for different values for the GPO settings and manage-bde commands with BitLocker suspended or active returned a GPO error.
I turned BitLocker off, hoping that if I enabled it with the GPO set correctly before BitLocker was enabled, it would work with a PIN. Now when I enable it, I get the GPO error above. I have disabled the GPO setting, and still get the error.
Is there any way to get BitLocker to work at this point - other than reinstalling Windows or restoring from a backup? At this point, if it will not work with a PIN, that is ok.
- 編集済み unavailable 2012年5月4日 23:37
2012年5月5日 23:16Sounds like your Group Policy settings need to be modified: http://4sysops.com/archives/active-directory-and-bitlocker-part-7-tips-and-troubleshooting/
2012年5月5日 23:50I restored a backup, and was able to turn BitLocker back on - but no combination of GPO options I have tried has let me use a PIN and TPM. That would be another thread, though. This should not be this difficult.
- 回答としてマーク Alex ZhaozxMicrosoft Contingent Staff, Moderator 2012年5月7日 7:08