D
Doesnt-Matter
What am I missing here. I keep getting a group policy BitLocker startup conflict. I have been able to use the same settings across other computers (same model) and it worked. I have tried different combinations of the settings below (and running gpupdate) and nothing works. I also tried to turning off all the changes and still get the error. I've tried to start BitLocker via the BitLocker manager from Control Panel and also from PowerShell.
Latitude E6440
Win10v1709
TPM 1.2
PowerShell command used:
$SecureString=ConvertTo-SecureString "PASSWORD" -AsPlainText -Force
Enable-Bitlocker -MountPoint "C:" -EncryptionMethod AES256 -Pin $SecureString -TPMandPinProtector
Set-BitLockerVolumeInternal : The Group Policy settings for BitLocker startup options are in conflict and cannot be applied. Contact your system administrator for more information. (Exception from HRESULT: 0x8031005B)
At C:\WINDOWS\System32\WindowsPowerShell\v1.0\Modules\BitLocker.psm1:3593 char:52
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ .... eInternal = Set-BitLockerVolumeInternal -MountPoint $MountPoint[$i] - ....
+ CategoryInfo : NotSpecified:
) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Set-BitLockerVolumeInternal
------------------
Group Policy Changes
------------------
Require additional authentication at startup
- Allow Bitlocker without a compatible TPM - Checked
- Configure TPM startup - Allow TPM
- Configure TPM startup PIN - Allow startup PIN with TPM
- Configure TPM startup key - Allow startup key with TPM
- Configure TPM startup key and PIN - Allow startup key and PIN with TPM
Allow enhanced PINs for startup - enabled
Enable use of BitLocker authentication requiring preboot keyboard input on slates - Enabled
Continue reading...
Latitude E6440
Win10v1709
TPM 1.2
PowerShell command used:
$SecureString=ConvertTo-SecureString "PASSWORD" -AsPlainText -Force
Enable-Bitlocker -MountPoint "C:" -EncryptionMethod AES256 -Pin $SecureString -TPMandPinProtector
Set-BitLockerVolumeInternal : The Group Policy settings for BitLocker startup options are in conflict and cannot be applied. Contact your system administrator for more information. (Exception from HRESULT: 0x8031005B)
At C:\WINDOWS\System32\WindowsPowerShell\v1.0\Modules\BitLocker.psm1:3593 char:52
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ .... eInternal = Set-BitLockerVolumeInternal -MountPoint $MountPoint[$i] - ....
+ CategoryInfo : NotSpecified:
) [Write-Error], COMException+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Set-BitLockerVolumeInternal
------------------
Group Policy Changes
------------------
Require additional authentication at startup
- Allow Bitlocker without a compatible TPM - Checked
- Configure TPM startup - Allow TPM
- Configure TPM startup PIN - Allow startup PIN with TPM
- Configure TPM startup key - Allow startup key with TPM
- Configure TPM startup key and PIN - Allow startup key and PIN with TPM
Allow enhanced PINs for startup - enabled
Enable use of BitLocker authentication requiring preboot keyboard input on slates - Enabled
Continue reading...