Skip to content

TechDirectArchive

Hands-on IT, Cloud, Security, Veeam & DevOps

  • Home
  • About
  • Advertise With US
  • Reviews
  • Contact
  • Toggle search form

How to fix The Group Policy settings for BitLocker startup options are in conflict and cannot be applied

Posted on 18/05/202208/12/2023 Matthew By Matthew No Comments on How to fix The Group Policy settings for BitLocker startup options are in conflict and cannot be applied
  1. Home
  2. Security | Vulnerability Scans and Assessment
  3. How to fix The Group Policy settings for BitLocker startup options are in conflict and cannot be applied
Featured-post.-1

I recently encountered the error message “The Group Policy settings for BitLocker startup options are in conflict and cannot be applied. Contact your system administrator for more information” during a BitLocker Encryption setup. The issue occurred while attempting to turn on BitLocker encryption through the Control Panel. The group policy setting for BitLocker may cause this error when enabling BitLocker Encryption. To fix it, open the policy and set “Require additional authentication at startup” to “Not Configure.” Please see this guide on how to deploy Microsoft BitLocker Administration and Monitoring Tool

Some Context on BitLocker Encryption with TPM (Trusted Platform Module)

BitLocker Drive Encryption is a data security tool that integrates with the operating system and solves the risks of data theft or disclosure from lost, stolen or improperly discontinued machines.

The TPM is a hardware component that computer makers include in many newer computers. It integrates with BitLocker to help safeguard user data and confirm that a computer has not been tampered with when the system was turned off.

In addition to the TPM, BitLocker provides the option of locking the normal startup process until the user enters a personal identification number (PIN) or inserts an external device, such as a USB flash drive, that carries a startup key.

These extra security features enable multifactor authentication and assurance that the machine will not start or restart from hibernation unless the right PIN or startup key is supplied. If you are having an issue integrating BitLocker with TPM, see how to fix your device cannot use a Trusted Platform Module: Allow BitLocker without a compatible TPM

Learn more about BitLocker encryption: Microsoft Bitlocker Administration and Management: Effect of renaming an MBAM or BitLocker protected Computer, BitLocker System Partition: Detailed steps to troubleshoot and fix System Partition not available or large enough [Part 2],

So, lets see how to solve this problem by changing the BitLocker configuration settings from the Group policy editor.

How to Set Require Additional Authentication at Startup to “Not Configured“

Open the group policy editor by clicking Start or press the Windows key then enter ‘group policy’. Click the ‘Edit group policy’ or press open:

BitLocker encryption

Under “Computer Configuration” follow on the path below.

Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives” 
  • Double click: “Require additional authentication at startup”
Group Policy conflict

Change the following:

  • Under Require additional authentication at startup window select “Not Configured”
  • Click “Apply” and “OK”
BitLocker security

For your changes to take effect, open the command prompt as administrator and execute the following: gpupdate and wait till the computer and group policy update is successfully applied. Or simply restart your system.

Group Policy management

Click Start or press the Windows key and search for ‘BitLocker’. Click the ‘Manage BitLocker’ or press open.

BitLocker encryption

Now continue with the BitLocker Encryption by following this detailed guide on how to enable BitLocker on Windows 10 and virtual machine.

How to Enable Authentication PIN at Windows Startup

If you have successfully enabled BitLocker on your Drive. If you are required to set up an authentication PIN at Windows startup follow the steps below.

  • Open the group policy editor.
  • Navigate to “Require additional authentication at startup” as shown below.
Group Policy conflict

Change the following:

  • Under Require additional authentication at startup select “Enabled”
  • Click on the drop-down under “Configure TPM startup PIN” and select “Require startup PIN with TPM”
  • Click “Apply” and “OK”
Image7

Next, open the Command prompt as administrator then enter

gpupdate

Enter the following command to turn on the authentication PIN:

manage-bde -protectors -add C: -TPMAndPIN Replace the C: with your Drive Letter. 

You will be required to input your preferred PIN twice, then close the terminal.

Image8-1

After this, whenever you power on your system. You will be required to input the set pin to unlock your system drive before booting to Windows.

Image9-1

Please see MBAM Report Errors: Understanding Microsoft BitLocker Administration and Monitoring compliance state and error status and Encryption Algorithm: Why does MBAM not automatically re-encrypt MBAM or Bitlocker protected devices​.

I hope you found this blog post on how to fix “The Group Policy settings for BitLocker startup options are in conflict and cannot be applied” helpful. If you have any questions, please let me know in the comment session.

Rate this post

Thank you for reading this post. Kindly share it with others.

  • Share on X (Opens in new window) X
  • Share on Reddit (Opens in new window) Reddit
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Facebook (Opens in new window) Facebook
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Telegram (Opens in new window) Telegram
  • Share on WhatsApp (Opens in new window) WhatsApp
  • Share on Mastodon (Opens in new window) Mastodon
  • Share on Bluesky (Opens in new window) Bluesky
  • Share on Threads (Opens in new window) Threads
  • Share on Nextdoor (Opens in new window) Nextdoor
Security | Vulnerability Scans and Assessment, Windows Tags:Bitlocker, BitLocker Drive Encryption Administration Utilities, BitLocker Status, Enable BitLocker, Microsoft BitLocker Administration and Monitoring, Microsoft Windows, Windows 10, Windows 11

Post navigation

Previous Post: How to manage Microsoft Defender Antivirus using Group Policy and Command Line Utility
Next Post: Installing Windows Subsystem for Android (WSA)

Related Posts

  • Feature image Install.wim file
    How To Get Install.WIM From Windows 10 Installation File Windows
  • BitLocker Protection off Update UEFI BIOS to fix issues
    BitLocker Protection off: Update UEFI/BIOS to fix issues Windows
  • screenshot 2020 05 05 at 10.26.12
    How to enable or disable User Account Control Windows
  • dotnet6783
    Various methods to Install .NET Framework in Windows Windows
  • Capture
    An account with the same name exists in Active Directory: Re-using the account was blocked by a security policy Security | Vulnerability Scans and Assessment
  • spell
    Disable Cloud-Based Spell Checker in Microsoft Edge and Google Chrome Windows

More Related Articles

Feature image Install.wim file How To Get Install.WIM From Windows 10 Installation File Windows
BitLocker Protection off Update UEFI BIOS to fix issues BitLocker Protection off: Update UEFI/BIOS to fix issues Windows
screenshot 2020 05 05 at 10.26.12 How to enable or disable User Account Control Windows
dotnet6783 Various methods to Install .NET Framework in Windows Windows
Capture An account with the same name exists in Active Directory: Re-using the account was blocked by a security policy Security | Vulnerability Scans and Assessment
spell Disable Cloud-Based Spell Checker in Microsoft Edge and Google Chrome Windows

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft MVP

VEEAMLEGEND

vexpert-badge-stars-5

Virtual Background

GoogleNews

Categories

veeaam100

Veeam Vanguard

  • How to Completely Uninstall Norton Security
    How to remove Norton from Mac using the RemoveNortonMacFiles tool Anti-Virus Solution
  • bluetooth headphones to mac 1200x628 1
    How to remove a Bluetooth device and connect a new Bluetooth device to Macbook Mac
  • 71PSZcv0RL. AC SX425
    How to disable unused Cisco Access Ports Network | Monitoring
  • unknown error has occured
    Unknown Error occurred when installing Veeam Software Appliance Backup
  • s3versioning
    Hosting Static Website and Versioning on AWS S3 AWS/Azure/OpenShift
  • Screenshot 2020 05 19 at 02.57.10
    Create Central Store for Group Policy Administrative Templates Windows Server
  • veeam
    How to uninstall Veeam Backup and Replication from your server Backup
  • Featured image 1
    Add and Remove Folders in Favorites in Microsoft Outlook Windows

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,786 other subscribers
  • RSS - Posts
  • RSS - Comments
  • About
  • Authors
  • Write for us
  • Advertise with us
  • General Terms and Conditions
  • Privacy policy
  • Feedly
  • Telegram
  • Youtube
  • Facebook
  • Instagram
  • LinkedIn
  • Tumblr
  • Pinterest
  • Twitter
  • mastodon

Tags

Active Directory Azure Bitlocker Microsoft Windows PowerShell WDS Windows 10 Windows 11 Windows Deployment Services Windows Server 2016

Copyright © 2025 TechDirectArchive

Loading Comments...

You must be logged in to post a comment.