BitLocker error "The startup options on this PC are configured incorrectly"

Question

Sunday, September 16, 2018 4:45 AM

I recently built a new PC and while the Asus ROG Maximus Hero X did not originally come with a TPM module, I have since purchased one and installed it today. BIOS recognized it just fine and it does show up in Windows as well. The problem occurs when I attempt to turn BitLocker on and I get the message referenced above in the subject. Now, I am the only user here and I did research this error, and the only thing I could come up with was referencing the Administrative Policies and the options therein. The only item I found relevant was under Local Computer Policy/Computer Configuration/Administrative Templates/System/BitLocker Drive Encryption/Operating System Drives, and I enabled the option called "Configure use of hardware-based encryption for operating system drives." I was just basically guessing, and enabling that had no effect; the error persists.

Can someone please help me configure this for use with just one person on this one computer? It can't be this difficult, can it?

All replies (12)

Monday, September 17, 2018 4:57 AM

Hi, 

Thanks for your post in our forum.

Please try to enable the following GPO to see if it helps:

Enable use of BitLocker authentication requiring preboot keyboard input on slates in GPO. 

Path: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives

Hope this can help you.

Best Regards,

Otto Wang

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Tuesday, September 18, 2018 4:36 PM

Before I do this, I have a question. When I read through the Google forums, I did find that GPO often used, but in every case it was in reference to laptops. Is this required for desktops as well?


Wednesday, September 19, 2018 2:06 AM

Hi,

Thanks for your reply.

Yes, it also works on the desktop.

Best Regards,

Otto Wang



Wednesday, September 19, 2018 5:05 AM

I enabled the option as suggested above and restarted the computer. When I attempt to turn on BitLocker, I get the same message: "The startup options on this PC are configured incorrectly. Contact your system administrator for more information."

Please let me know what to try next. Thank you.


Friday, September 21, 2018 1:59 AM

Hi,

Thanks for your patience.

According to your description, we think that the configuration of BitLocker is normal from the settings.

The issue should be caused by the TPM, and as this is a third-party product, we suggest you contact the third-party product company; they should be helpful.

Thanks for your understanding and support.

And if we have any workaround and solution, we will reply to you as soon as possible.

Best Regards,

Otto Wang



Sunday, September 23, 2018 3:16 AM

I wanted to point out something I found under the "TPM Management on Local Computer" window.

Under "Status" it reads:

The TPM is ready for use, with reduced functionality. Information Flags: 0x80000

The TCG event log is empty or cannot be read.

Does this mean anything to anyone? Under the Available Options section below that, it reads, "You may clear the TPM to remove ownership and reset the TPM to factory defaults." Of course, I have tried that 3 times already. Just FYI for future issues with anyone else, under TPM Manufacturer Information it reads: Manufacturer Name: IFX, Manufacturer Version: 5.63.3353.0, Specification Version: 2.0

Edit: I found the following link and would like to know if Post 24 might have any relevance in my case. My C drive's partitions are MBR but there are two of them on the C drive so not sure that this applies:

https://www.tenforums.com/antivirus-firewalls-system-security/77912-tpm-ready-reduced-functionality-unable-use-bitlocker-3.html


Tuesday, September 25, 2018 5:58 AM

Hi,

Thanks for your reply.

Yes, according to the link below, we think it has relevance; we must use UEFI mode if we installed TPM version 2.0.

https://support.microsoft.com/en-us/help/3123365/tpm-is-ready-for-use-with-reduced-functionality-message-when-the-bios


On a Windows Server-based operating system, you have the operating system installed in Legacy MBR mode (PC/AT) with Trusted Platform Module (TPM) version 2.0. In this situation, you receive a message in the TPM user interface stating that "The TPM is ready for use, with reduced functionality."

Best Regards,

Otto Wang



Friday, September 28, 2018 3:08 AM

Hi,

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

Best Regards,

Otto Wang



Monday, October 1, 2018 5:19 AM

Hi,

Was your issue resolved?

If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

If no, please reply and tell us the current situation in order to provide further help.

Best Regards,

Otto Wang



Monday, April 29, 2019 2:10 PM

https://www.youtube.com/watch?v=LfLLIrG_SD4


Thursday, June 6, 2019 5:50 PM | 1 vote

run gpedit

Local computer policy> computer configuration > administrative templates > Windows Components > bitlocker drive encryption > Operating system drives

Require additional authentication at startup

Enable
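
The checks that come up across this thread (TPM state, firmware boot mode, partition style of the OS disk, and the three Group Policy settings named in the posts) can be read in one pass. The script below is an added example, not part of any post; the function name is hypothetical, and the registry value names under `HKLM\SOFTWARE\Policies\Microsoft\FVE` are the ones the BitLocker policy template writes, which the thread itself does not list.

```powershell
# Added example (not from the thread). Read-only; run from an elevated prompt.
function Get-BitLockerReadiness {
    # TPM state as Windows reports it (same data as the TPM Management console).
    $tpm = Get-Tpm

    # Firmware mode Windows booted in: 'Uefi' or 'Bios' (legacy/CSM).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Partition style (MBR or GPT) of the disk that holds the OS volume.
    $letter = $env:SystemDrive.Substring(0, 1)
    $osDisk = Get-Partition -DriveLetter $letter | Get-Disk

    # Group Policy settings for OS drives land under this key. A missing value
    # means the corresponding policy is Not Configured.
    $fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policyNames = @(
        'UseAdvancedStartup',                      # Require additional authentication at startup
        'EnableBDEWithNoTPM', 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN',
        'OSEnablePrebootInputProtectorsOnSlates',  # preboot keyboard input on slates
        'OSHardwareEncryption'                     # hardware-based encryption for OS drives
    )
    $policy = [ordered]@{}
    $values = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
    foreach ($name in $policyNames) {
        $set = $values -and ($values.PSObject.Properties.Name -contains $name)
        $policy[$name] = if ($set) { $values.$name } else { 'Not Configured' }
    }

    [pscustomobject]@{
        TpmPresent         = $tpm.TpmPresent
        TpmReady           = $tpm.TpmReady
        TpmFirmwareVersion = $tpm.ManufacturerVersion
        FirmwareType       = $firmware
        OsDiskStyle        = $osDisk.PartitionStyle
        # Legacy boot from an MBR disk: the combination the Microsoft article
        # linked in the thread ties to "ready for use, with reduced functionality".
        LegacyBootOnMbr    = ("$firmware" -eq 'Bios' -and "$($osDisk.PartitionStyle)" -eq 'MBR')
        OsDrivePolicy      = [pscustomobject]$policy
    }
}

$report = Get-BitLockerReadiness
$report | Format-List
$report.OsDrivePolicy | Format-List
```

Policy changes made in gpedit only appear in these values after the policy has been applied, for example after `gpupdate /force` or a restart.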

