Reply To: Bitlocker not getting enabled in Windows VM

Chris Coleman
-1 pt

Hey Roros,

Thank you for reaching out to us and putting forward an interesting query!

According to the error message that you had received when you tried to enable BitLocker on your device, there is an existing group policy associated with your device. The BitLocker configurations in the policy that you have associated with the device conflict with the group policy configurations already present in the device.

You can configure group policy configurations in a Windows device either by using the Local Group Policy Editor or by using an AD.

To configure the BitLocker configurations using the Local Group Policy Editor, follow the steps given below:

  1. In your Windows device, press Windows key + R to open the Run box.
  2. Type gpedit.msc and press Enter to open the Local Group Policy Editor.
  3. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
  4. In the BitLocker Drive Encryption folder, you will have three folders – Fixed Data Drives, Operating System Drives, Removable Data Drives.
  5. Ensure that the “State” of all the settings in the three folders mentioned above is in “Not Configured” status.
  6. If a BitLocker setting is configured (enabled), click on the respective setting and check the “Not configured” box in the window that pops up and click on Apply.

This will ensure that no local group policies are configured in the device. If your device is connected to an Active Directory, you need to check whether any group policies have been configured from the AD with the device.

If TPM (Trusted Platform Module) is disabled on the device, you need to ensure that the “Enable Bitlocker without a Trusted Platform Module (TPM)” option is set to “Allow” before associating the policy with the device.

Hope this answers your query.

Chris Coleman
Hexnode UEM
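
The checks described in the reply above can also be run as a read-only audit from an elevated PowerShell prompt. This is an added example, not part of the original post and not Hexnode's code. It assumes the standard location where Group Policy stores BitLocker settings (`HKLM:\SOFTWARE\Policies\Microsoft\FVE`); the report file name is constructed for the example.

```powershell
# Added example: read-only audit of BitLocker policy state on the local device.
# Assumption: Group Policy (local or AD-delivered) stores BitLocker settings
# under this key; a missing or empty key means every setting is Not Configured.
$fvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-BitLockerPolicyValues {
    param([string]$Path = $fvePolicyKey)
    if (-not (Test-Path -Path $Path)) { return }
    # Include subkeys so nothing written below the root key is missed.
    $keys = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Name  = $name
                Kind  = $key.GetValueKind($name)
                Value = $key.GetValue($name)
            }
        }
    }
}

$configured = @(Get-BitLockerPolicyValues)
if ($configured.Count -eq 0) {
    Write-Output 'No BitLocker Group Policy values found on this device.'
} else {
    Write-Output "$($configured.Count) BitLocker Group Policy value(s) are set and may conflict:"
    $configured | Sort-Object Key, Name | Format-Table -AutoSize
}

# Domain membership decides whether AD-delivered GPOs also need checking.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $report = Join-Path $env:TEMP 'gpresult-computer.html'   # constructed name
    gpresult /scope computer /h $report /f
    Write-Output "Joined to '$($cs.Domain)'. Applied computer GPOs written to $report"
} else {
    Write-Output 'Device is not domain-joined; only local policy applies.'
}

# TPM state matters for the "without a TPM" option mentioned in the reply.
try {
    $tpm = Get-Tpm -ErrorAction Stop
    Write-Output "TPM present: $($tpm.TpmPresent); enabled: $($tpm.TpmEnabled); ready: $($tpm.TpmReady)"
} catch {
    Write-Output "TPM state could not be read: $($_.Exception.Message)"
}
```

The script changes nothing on the device. Any values it lists correspond to settings that are Enabled or Disabled rather than Not Configured, whether they came from the Local Group Policy Editor or from AD.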