This device cannot use a Trusted Platform Module. “Allow BitLocker without a compatible TPM” – When turning on Bitlocker

While trying to install Bitlocker Drive Encryption to the C: on my Windows 10 machine.

The following error was prompted as shown in the image below.

Let’s review the key term “TPM” and how to resolve this issue.

Trusted Platform Module (TPM) – This is a chip that resides on newer processors that have additional security features. With TPM, the encryption key is stored on the chip itself.

Note: If your chip does not support TPM, you can still use BitLocker, then you will have to save (store the keys) in a safe location such as Active Directory, Microsft Azure or on a USB stick etc. kindly follow the procedures listed below to resolve this issue.

Launch Group Policy and enable the following exception

- Using your keyboard ''Windows key+R'' or search for "run"
- Type: gpedit.msc then hit "ok" or press "Enter" on your keyboard
- Expand Administrative Templates then Windows Components 
- Bitlocker Drive Encryption then 
- Click Operating System Drives as shown below.

Double click or right-click “Require additional authentication at startup”

click Edit and select enabled as shown below. 
- Select Enabled and 
- Check the box to allow BitLocker without compatible TPM in the Options section.
Note: Most times this option is selected by default.

The last steps involve enforcing the settings.

From the Start menu
- Type run or Press Windows Key + R to launch the run wizard
- Type cmd as shown below
- gpforce.exe /update and 
- Press Enter. 

That is all ;)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s