BitLocker not getting enabled in Windows VM

I was trying to configure a BitLocker policy using Hexnode, but BitLocker encryption failed on the device. Any update on what the reason might be?

All Replies

  • Participant

    Roros

    Actually, I was testing BitLocker in my VM before I actually associate the policy to my devices to make sure the feature is working properly. When I tried enabling BitLocker in the VM, I got an error message saying that the BitLocker encryption failed due to conflicting group policy settings. I haven’t configured any group policies either, to my knowledge. Does anyone know what’s up with this issue?

  • It looks like you might have an already configured group policy in your device and that could be the reason you might be facing the issue. You can check if there are any policies and remove them and try again and it should work then.

  • Hey Roros,

    Thank you for reaching out to us and putting forward an interesting query!

    According to the error message that you had received when you tried to enable BitLocker on your device, there is an existing group policy associated with your device. The BitLocker configurations in the policy that you have associated with the device conflict with the group policy configurations already present in the device.

    You can configure group policy configurations in a Windows device either by using the Local Group Policy Editor or by using an AD.

    To configure the BitLocker configurations using the Local Group Policy Editor, follow the steps given below:

    1. In your Windows device, press Windows key + R to open the Run box.
    2. Type gpedit.msc and press Enter to open the Local Group Policy Editor.
    3. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
    4. In the BitLocker Drive Encryption folder, you will have three folders – Fixed Data Drives, Operating System Drives, Removable Data Drives.
    5. Ensure that the “State” of all the settings in the three folders mentioned above is “Not Configured”.
    6. If a BitLocker setting is configured (enabled), click on the respective setting and check the “Not configured” box in the window that pops up and click on Apply.

    This will ensure that no local group policies are configured in the device. If your device is connected to an Active Directory, you need to check whether any group policies have been configured from the AD with the device.

    If TPM (Trusted Platform Module) is disabled on the device, you need to ensure that the “Enable Bitlocker without a Trusted Platform Module (TPM)” option is set to “Allow” before associating the policy with the device.

    Hope this answers your query.

    Cheers!
    Chris Coleman
    Hexnode UEM
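
The check described in the reply above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original thread or Hexnode's tooling; it assumes the BitLocker Administrative Template settings are stored as registry values under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`, where a "Not Configured" setting has no value present.

```powershell
# Added example: read-only audit of BitLocker Group Policy state on one device.
# Assumption: BitLocker Administrative Template settings are written as values
# under the FVE policy key below; a "Not Configured" setting leaves no value.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-BitLockerPolicyValue {
    param([string]$Path = $fveKey)

    # No key at all means no BitLocker Group Policy setting is configured.
    if (-not (Test-Path -Path $Path)) { return }

    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        # Group values by the gpedit folder they most likely belong to,
        # based on the FDV/RDV naming used for fixed and removable drives.
        $scope = switch -Regex ($name) {
            '^FDV|Fdv$' { 'Fixed Data Drives'; break }
            '^RDV|Rdv$' { 'Removable Data Drives'; break }
            default     { 'Operating System Drives / general' }
        }
        [pscustomobject]@{
            Scope = $scope
            Name  = $name
            Value = $key.GetValue($name)
        }
    }
}

$configured = @(Get-BitLockerPolicyValue)
if ($configured.Count -eq 0) {
    Write-Output 'No BitLocker policy values found: all settings are Not Configured.'
} else {
    # Any row listed here is a setting that can conflict with the MDM policy.
    $configured | Sort-Object Scope, Name | Format-Table -AutoSize | Out-String
}

# TPM state decides whether the "without TPM" option is needed (common on VMs).
try {
    $tpm = Get-Tpm -ErrorAction Stop
    Write-Output "TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"
} catch {
    Write-Output "Could not query TPM: $($_.Exception.Message)"
}

# Lists the computer-scope GPOs that were applied, which shows whether the
# settings came from local policy or from Active Directory.
gpresult /scope computer /r
```

If values are listed and the device is domain-joined, clearing them locally will not last: the GPO named in the `gpresult` output reapplies them at the next policy refresh.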