BitLocker on Windows 10 1803


  • I tried to enable BitLocker on a newly installed Windows 10 1803 notebook.
    GPO is set to use the TPM module and store the recovery key in Active Directory. This works fine with Windows 10 1703 and Windows 10 1709 but fails on the newly released Windows 10 1803.

    It now complains about the AD Schema and cancels the encryption.

    Thursday, May 03, 2018 10:52 AM

All replies

  • Same issue on my side, working with 1703 and 1709 but not with 1803.

    We should wait for new .admx files related to version 1803 to make it fully compatible.

    Thursday, May 03, 2018 12:34 PM
  • I've just encountered this too.

    Just currently rolled back with the new DISM command:

    DISM /Online /Initiate-OSUninstall 

    Took a couple of minutes, but I can now encrypt again and then apply the update. 

    Thursday, May 03, 2018 2:33 PM
  • SOLVED: Install the new administrative template files TPM.admx and TPM.adml from the new Windows 1803 image to your AD.

    - Mount the image using the DISM tool. (The image file can be found at sources\install.wim on the 1803 ISO.)

    - The .admx and .adml files can be found in mountdir\windows\policydefinitions

    - Install like you would do any administrative template install, to \SYSVOL\\Policies\PolicyDefinitions

    Friday, May 04, 2018 12:34 PM
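
The three steps from the reply above as one PowerShell script, added here as an example and not posted by anyone in the thread. The ISO drive letter, image index, language folder, backup folder and the `example.test` central-store path are assumptions to replace with your own values. It mounts the image read-only and backs up any existing template before overwriting it.

```powershell
# Added example (not from the thread). Run elevated on a host with the DISM PowerShell module.
param(
    [string]$WimPath      = 'D:\sources\install.wim',  # assumption: 1803 ISO mounted as D:
    [int]   $ImageIndex   = 1,                         # assumption: first edition in the WIM
    [string]$MountDir     = 'C:\mountdir',
    [string]$Language     = 'en-US',                   # assumption: language folder used in your store
    [string]$BackupDir    = 'C:\admx-backup',          # assumption: local folder for replaced files
    # Placeholder domain: substitute your own central store path.
    [string]$CentralStore = '\\example.test\SYSVOL\example.test\Policies\PolicyDefinitions'
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# Read-only mount: nothing in the install image can be modified by mistake.
Mount-WindowsImage -ImagePath $WimPath -Index $ImageIndex -Path $MountDir -ReadOnly | Out-Null
try {
    $source = Join-Path $MountDir 'Windows\PolicyDefinitions'
    foreach ($rel in 'TPM.admx', (Join-Path $Language 'TPM.adml')) {
        $src = Join-Path $source $rel
        $dst = Join-Path $CentralStore $rel

        if (Test-Path $dst) {
            # Skip files that are already identical to the ones in the 1803 image.
            if ((Get-FileHash $src).Hash -eq (Get-FileHash $dst).Hash) {
                Write-Host "$rel already matches the image, skipping"
                continue
            }
            # Keep the template being replaced so the change can be reverted.
            $bak = Join-Path $BackupDir $rel
            New-Item -ItemType Directory -Path (Split-Path $bak) -Force | Out-Null
            Copy-Item -Path $dst -Destination $bak -Force
        }

        New-Item -ItemType Directory -Path (Split-Path $dst) -Force | Out-Null
        Copy-Item -Path $src -Destination $dst -Force
        Write-Host "Updated $rel in the central store"
    }
}
finally {
    # Always release the mount, discarding any changes, even if a copy failed.
    Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
}
```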
  • Updating the admx files does not seem to help here. I still get the same error.
    Monday, May 07, 2018 8:16 AM
  • Hi,

    We haven’t heard from you for a couple of days. Have you solved the problem?

    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact

    Friday, May 11, 2018 6:30 AM
  • There is a post on Reddit where others have confirmed that if using a domain account which is a member of the local administrators group then the information is stored correctly. The user does not need to be a domain administrator.

    Friday, May 11, 2018 9:07 AM
  • I have been experiencing this same problem with Windows 10 1803, latest ADK. I can enable BitLocker when using a domain user account as suggested by Linkazoid; however, I would like to know if anyone has any other solutions to continue to use a local account?

    How have people integrated using a domain account for BitLocker into their TS?

    • Edited by KyleITW Thursday, May 17, 2018 3:36 PM
    Thursday, May 17, 2018 3:36 PM
  • Is there still no fix for this yet?
    Tuesday, June 05, 2018 6:26 AM
  • Works here without needing to change anything. Win10 1803, Server 2016 AD.
    Tuesday, June 05, 2018 7:00 AM
  • Works here without needing to change anything. Win10 1803, Server 2016 AD.
    Well, that's great for you... meanwhile the rest of us with the problem are still looking for an answer.
    Tuesday, June 05, 2018 12:59 PM