Bitlocker to go unable to encrypt a drive

  • Question

  • Hi All,

    I am trying to enable BitLocker To Go in our domain. We are running Windows 7 Enterprise. All the devices have the TPM module installed and all fixed drives have been encrypted using BitLocker. The encryption happens as the machine is built using SCCM 2012.

    I am now trying to enable BitLocker To Go. I have set the GPOs as instructed:

    http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-to-save-bitlocker-to-go-recovery-keys-in-active-directory-part-1/

    As soon as I put in the USB drive, I get an error when BitLocker tries to encrypt the USB drive:

    "Bitlocker Encryption cannot be applied to this drive because of conflicting GPO settings. When write access to drives not protected by Bitlocker is denied, the USB startup key cannot be required." Contact sys admin ......

    Is this because the hard drives are already encrypted and there is a clash with the BitLocker To Go encryption?

    Thanks in advance


    VB Knowledge = 0%

    Wednesday, October 1, 2014 10:15 AM

Answers

  • Hi,

    The link you pasted above is mainly about "how to save “BitLocker to Go” recovery keys in Active Directory". Did you want to achieve this? As far as I know, to set up BitLocker To Go, we just need to insert the removable drive, then turn on BitLocker and type the password.

    And the cause of the error message is obvious: you have denied write access to drives which are not protected by BitLocker, so we're absolutely unable to store a USB startup key. But what confuses me is why there's a USB startup key here; we usually use a USB startup key when the device doesn't have an incompatible TPM.


    Yolanda Zhu
    TechNet Community Support

    Thursday, October 2, 2014 5:25 AM
    Moderator