Windows 10: Cannot enable BitLocker, device can't use TPM

I have two drives, one stores the OS and the other stores other files. I have BitLocker enabled on the second drive but cannot seem to enable it on the first drive containing the OS. Please see error message below. I have a TPM chip installed on my board.. so I do not see what the issue is. BitLocker on the second drive is using the TPM module, and to my knowledge you can store more than 1 key on the chip.. Please see second image for more info on the TPM admin..











:)

 

Bitlocker without TPM

Hi there,

I'm trying to use Bitlocker without TPM

My version is Windows 10 Home, and I try to follow -

To turn on BitLocker Drive Encryption on a computer without a compatible TPM

1. Click Start, type gpedit.mscin the Start Search box, and then press ENTER.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. In the Local Group Policy Editor console tree, click Local Computer Policy, click Administrative Templates, click Windows Components, and then clickBitLocker Drive Encryption.
4. Double-click the setting Control Panel Setup: Enable Advanced Startup Options.
5. Select the Enabled option, select the Allow BitLocker without a compatible TPM check box, and then click OK.

You have changed the policy setting so that you can use a startup key instead of a TPM.

1. Close the Local Group Policy Editor.
2. To force Group Policy to apply immediately, you can click Start, typegpupdate.exe /forcein the Start Search box, and then press ENTER.
3. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
5. On the BitLocker Drive Encryption page, click Turn On BitLocker. This will only appear with the operating system volume.
6. On the Set BitLocker Startup Preferences page, select the Require Startup USB Key at every startup option. This is the only option available for non-TPM configurations. This key must be inserted each time before you start
   the computer.
7. Insert your USB flash drive in the computer, if it is not already there.
8. On the Save your Startup Key page, choose the location of your USB flash drive, and then click Save.
9. On the Save the recovery password page, you will see the following options:

· Save the password on a USB drive. Saves the password to a USB flash drive.

· Save the password in a folder. Saves the password to a folder on a network drive or other location.

· Print the password. Prints the password

While I have a problem on step 4.

Double-click the setting Control Panel Setup: Enable Advanced Startup Options.

I can find "BitLocker Drive Encryption" on my group policy editor, while I cannot find
Control Panel Setup: Enable Advanced Startup Options anywhere.

Thank you for your help.

Best Regards,

Yan

 

Bitlocker - Win 10 - TPM 2.0 - Legacy Mode

According to here you need to boot in UEFI to configure bitlocker then you can change to CSM.

Pre-Provision Bitlocker - TPM 2.0 - SCCM 1610

 

BitLocker refuses to enable

Windows 10 Pro on Dell Optiplex 5040

Domain-joined

No TPM

I have tried repeatedly to enable BitLocker on this machine and all attempts have failed. The majority of suggestions point me to gpedit.msc > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating
System Drives > Require additional authentication at startup (and be sure "Allow BitLocker without a compatible TPM" option is checked). The option is checked and the GPO enabled, however, I still receive the error "This
device can't use a Trusted Platform Module. Your administrator must set the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes."

We don't have any other computers with this issue, though, to be fair, this is one of the only computers without TPM. What else can be done?