
I hope that somebody can help me with this because I inherited SCCM like this and have been having this issue since I entered the company. We use SCCM 2012 to deploy our machines, and we use the "StartMBAMEncryption" step to activate BitLocker during the TS. But this step fails with a 0x00000001 error message. All I know is that we have a separate MBAM server in our domain.

TPM is turned on in BIOS, as well as Secure Boot, and we are talking about a Lenovo T580 NB. The TS ends, and Windows and programs are installed, but when I want to activate BitLocker on the C: drive I get this error message:

"There are conflicting settings for recovery options. Backup to Active Directory must be turned on or the use of data recovery agents enabled for recovery".

I found an existing GPO which takes care of our machines and in this GPO there are currently these settings in effect:

When "Omit recovery options from the BitLocker setup wizard" is checked this error appears, when I remove the checkmark and move it to "Save BitLocker recovery information to AD DS for operating system" I can turn on BitLocker BUT I AM NOT SURE what are the consequences of doing this? How do you have your settings concerning BitLocker? I am not sure if changing the AD setting will help the TS sequence, did not try it yet.

This problem was solved in my case by creating a new GPO with the following settings:

Enforce drive encryption type on fixed data drives Enabled
Select the encryption type: Used Space Only encryption

Windows Components/BitLocker Drive Encryption/Operating System Drives

Disallow standard users from changing the PIN or password Enabled
Enforce drive encryption type on operating system drives Enabled
Require additional authentication at startup Enabled
Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)
Configure TPM startup PIN: Allow startup PIN with TPM
Configure TPM startup key: Allow startup key with TPM
Configure TPM startup key and PIN: Allow startup key and PIN with TPM
Require additional authentication at startup (Windows Server 2008 and Windows Vista) Enabled

Important: If you require the startup key, you must not allow the startup PIN. If you require the startup PIN, you must not allow the startup key.

Note: Do not allow both startup PIN and startup key options to hide the advanced page on a computer with a TPM.
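The two conflicts mentioned in this thread can be checked on a client before the task sequence runs: recovery options omitted from the wizard while neither AD DS backup nor a data recovery agent is enabled, and a required startup option combined with another option that is still allowed. The following is an added example, not part of the original posts. The registry path, the value names, the 0/1/2 meanings and the function names are assumptions about where these GPO settings land.

```powershell
# Added example: checks BitLocker policy values for the two conflicts in this thread.
# Assumption: the GPO settings are written under this key with these value names.
$FvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Test-BitLockerPolicyConflict {
    param([Parameter(Mandatory)][hashtable]$Policy)

    $findings = @()

    # Conflict 1: recovery options hidden from the setup wizard, but neither
    # AD DS backup nor a data recovery agent is enabled.
    if ($Policy['OSRecovery'] -eq 1 -and $Policy['OSHideRecoveryPage'] -eq 1) {
        $adBackup = $Policy['OSActiveDirectoryBackup'] -eq 1
        $dra      = $Policy['OSManageDRA'] -eq 1
        if (-not ($adBackup -or $dra)) {
            $findings += 'Recovery options are omitted from the wizard, but AD DS backup and DRA are both off.'
        }
    }

    # Conflict 2: startup options (assumed: 0 = do not allow, 1 = require, 2 = allow).
    if ($Policy['UseAdvancedStartup'] -eq 1) {
        $startup  = 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'
        $required = @($startup | Where-Object { $Policy[$_] -eq 1 })
        $allowed  = @($startup | Where-Object { $Policy[$_] -eq 2 })
        if ($required.Count -gt 1 -or ($required.Count -eq 1 -and $allowed.Count -gt 0)) {
            $findings += "Required: $($required -join ', '); still allowed: $($allowed -join ', ')."
        }
    }
    return $findings
}

function Get-FvePolicy {
    # Reads the live policy key into a hashtable; empty if no policy is set.
    $table = @{}
    $item = Get-ItemProperty -Path $FvePath -ErrorAction SilentlyContinue
    if ($item) { $item.PSObject.Properties | ForEach-Object { $table[$_.Name] = $_.Value } }
    return $table
}

# Constructed sample: wizard page omitted, no AD DS backup, no DRA, all startup options allowed.
$sample = @{ OSRecovery = 1; OSHideRecoveryPage = 1; OSActiveDirectoryBackup = 0; OSManageDRA = 0
             UseAdvancedStartup = 1; UseTPM = 2; UseTPMPIN = 2; UseTPMKey = 2; UseTPMKeyPIN = 2 }
Test-BitLockerPolicyConflict -Policy $sample
# On a managed client: Test-BitLockerPolicyConflict -Policy (Get-FvePolicy)
```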
