Fix “This device can’t use a Trusted Platform Module” When Enabling BitLocker

We’ll also explain what the heck it means

I recently tried to enable BitLocker on an old Windows 10 PC at home and got an error message that I thought would be extremely cryptic to anyone who isn’t a computer geek. Here was the message:

This device can’t use a Trusted Platform Module. Your administrator must select the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.

Say what!? Most people will probably just cancel the operation and forget about the whole thing after a message like that. Unfortunately, Microsoft’s error messages are rarely clear and simple to understand. Let’s break it down.

1. Trusted Platform Module (TPM) – A TPM is a dedicated security chip on the motherboard (or, on newer systems, firmware built into the CPU or chipset) that can store keys and record measurements of the boot process. When BitLocker uses a TPM, the key that unlocks the drive is sealed to the TPM and released automatically at boot only if the firmware and boot loader measure as unmodified. If your PC has no TPM (or the TPM is disabled in the firmware), you can still use BitLocker, but you have to unlock the drive yourself at every boot, either with a startup key stored on a USB flash drive or with a password.

2. Administrator Policy – So what’s all the stuff about selecting X and Y policy for OS volumes? By default BitLocker refuses to protect the operating system drive without a TPM. The message is telling you that a Group Policy setting, Require additional authentication at startup under Operating System Drives, has to be enabled with the “Allow BitLocker without a compatible TPM” option checked before the wizard will continue.

The fix is pretty straightforward, just follow the instructions and don’t make any other changes.

Allow BitLocker Without Compatible TPM

Step 1 – Open the Group Policy Editor by pressing the Windows key + R, or by clicking Start in Windows 10 and typing Run. In the Run dialog box, type gpedit.msc and press Enter.

Now expand to the following section under Group Policy: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

On the right-hand side, you will see an option called Require additional authentication at startup. Go ahead and double-click on that option.

By default, it is set to Not Configured, so you’ll have to click the Enabled radio button. The Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) box should be checked automatically, but if it isn’t, make sure to check it.

Click OK and then close the Group Policy Editor. Now go back to the BitLocker screen and click the Turn on BitLocker link.

Now instead of getting an error message, you should see the BitLocker setup screen. Because there is no TPM, the wizard will first ask how you want to unlock the drive at startup (a USB flash drive or a password) and will then have you save a recovery key. When you click Next after that, it’ll start setting up your hard drive for BitLocker.
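The same change can be made without clicking through gpedit.msc. The script below is an added example, not from the original article: it writes the registry values that this Group Policy setting controls, confirms they landed, and then turns on BitLocker for the OS drive with a USB startup key (or, commented out, a password) plus a recovery password. It assumes an elevated PowerShell prompt on Windows 10/11 Pro or Enterprise, that the OS volume is C:, and that the USB drive for the startup key is mounted as E:; change those letters to match your machine.

```powershell
# Added example (not from the original article): apply the policy behind
# 'Require additional authentication at startup' from PowerShell, then
# enable BitLocker on the OS drive with a non-TPM protector.
#
# Assumptions: running as Administrator, OS volume is C:, USB drive for the
# startup key is E:. Adjust the drive letters for your machine.

#Requires -RunAsAdministrator

# 1. Check whether a TPM is actually present and ready. If it is, you don't
#    need this workaround; the TPM protector is the better choice.
$tpm = Get-Tpm
if ($tpm.TpmPresent -and $tpm.TpmReady) {
    Write-Warning "A ready TPM was found; prefer a TPM protector instead of this workaround."
}

# 2. Write the registry values the Group Policy setting controls. These are
#    the values gpedit.msc writes when the policy is Enabled with 'Allow
#    BitLocker without a compatible TPM' checked; 2 means 'Allow' for the
#    TPM-based options, so a machine that does have a TPM is not locked out.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
New-Item -Path $fve -Force | Out-Null
$policy = @{
    UseAdvancedStartup = 1   # policy Enabled
    EnableBDEWithNoTPM = 1   # Allow BitLocker without a compatible TPM
    UseTPM             = 2   # Allow TPM
    UseTPMPIN          = 2   # Allow startup PIN with TPM
    UseTPMKey          = 2   # Allow startup key with TPM
    UseTPMKeyPIN       = 2   # Allow startup key and PIN with TPM
}
foreach ($name in $policy.Keys) {
    New-ItemProperty -Path $fve -Name $name -Value $policy[$name] `
        -PropertyType DWord -Force | Out-Null
}

# 3. Confirm the policy is in place before touching the volume; otherwise
#    Enable-BitLocker fails with the same "can't use a TPM" complaint.
$applied = Get-ItemProperty -Path $fve
if ($applied.EnableBDEWithNoTPM -ne 1 -or $applied.UseAdvancedStartup -ne 1) {
    throw "Policy values were not written; BitLocker will still refuse to start without a TPM."
}

# 4. Turn on BitLocker with a startup key saved to the USB drive (what the
#    article describes). To use a password instead, comment out this call
#    and uncomment the two lines below it.
$osDrive = 'C:'
Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 `
    -StartupKeyProtector -StartupKeyPath 'E:\' -SkipHardwareTest

# $pw = Read-Host -AsSecureString 'Startup password'
# Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 -PasswordProtector -Password $pw -SkipHardwareTest

# 5. Always add a recovery password and store it somewhere other than the
#    USB stick; if the startup key is lost, this is the only way back in.
Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint $osDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```

Keep the USB drive out of the PC once encryption is complete: a startup key that is left plugged in unlocks the drive for whoever picks the machine up, which defeats the point of encrypting it.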

Using BitLocker without a TPM does come with a trade-off, so it’s worth understanding what you give up. The TPM is what ties the encryption key to an unmodified boot chain; without it, nothing checks the firmware or boot loader before the key is used, and the key material lives on a USB stick (or behind a password) that you must keep apart from the machine and never leave plugged in. The encryption of the data on the drive is the same either way, so on an old PC it is still far better than leaving the disk unencrypted. If you’re still having issues enabling BitLocker on Windows 8 or Windows 10, post a comment and let us know. Enjoy!

About the author: Aseem, founder of Help Desk Geek and managing editor. He began blogging in 2007 and quit his job in 2010 to blog full-time. He has over 15 years of industry experience in IT and holds several technical certifications.


Copyright © 2008-2024 Help Desk Geek.com, LLC All Rights Reserved