Bitlocker - Second attempt to encrypt OS drive fails with "Group Policy settings require that a recovery password be specified before encrypting the drive"

  • Question

  • Hello Everyone,

    We are testing Windows 10 in our organization. We have a Group Policy for BitLocker that works well on Windows 7. The policy uses "Turn on TPM backup to Active Directory". Under "Require additional authentication at Startup" we have set

    The policy "Choose how BitLocker-protected operating system drives can be recovered" is set to:

    When using this policy on Windows 10 we can encrypt the operating system drive without a problem the first time around. The key is archived in our Active Directory and a TPM object is created under "TPM devices". When we decrypt the drive and try to encrypt it a second time, we get

    "Group Policy settings require that a recovery password be specified before encrypting the drive"

    This behaviour is reproducible on currently three systems (one Dell Laptop, one Surface 3 and one Surface 4). We have tried to clear and reclaim the TPM but this did not help.

    Does anyone have an idea?

    Thanks & Regards

    HarryNew

    Wednesday, May 11, 2016 3:12 PM
