Got a weird one. BitLocker policy pushes successfully from Hexnode, no errors or anything, but some laptops still show “Not Encrypted”. Anybody seen that?
26 Views
Replies (6)
Marked SolutionPending Review
Participant
5 days ago
May 25, 2026
Marked SolutionPending Review
Yep. Check the TPM status first. We had a bunch of systems where TPM was technically there, but not actually ready. BitLocker just sat there doing nothing.
Marked SolutionPending Review
Participant
5 days ago
May 25, 2026
Marked SolutionPending Review
Run this:
|
1 |
Get-Tpm |
Look at TpmPresent and TpmReady. If Ready says false, that’s usually the problem.
Marked SolutionPending Review
Participant
5 days ago
May 25, 2026
Marked SolutionPending Review
Also check:
|
1 |
manage-bde -status |
Super helpful for seeing whether BitLocker even started the protection process or not. We normally run both through Hexnode terminal before touching the policy itself.
Marked SolutionPending Review
Participant
5 days ago
May 26, 2026
Marked SolutionPending Review
Just checked one of the devices.
TpmPresent : True
TpmReady : False
So yeah looks like that’s it.
Marked SolutionPending Review
Participant
5 days ago
May 26, 2026
Marked SolutionPending Review
Yeah that’ll block silent encryption.
We fixed most of ours with:
|
1 |
Initialize-Tpm |
Some machines needed a reboot after that, but most started working fine.
Marked SolutionPending Review
Participant
4 days ago
May 26, 2026
Marked SolutionPending Review
We actually made a small remediation script for this later. Checks TPM state, initializes it if needed, then lets BitLocker continue normally. Pushed it through Hexnode so we didn’t have to remote into every single device manually.
Save
