There are times when we try to encrypt C drive with BitLocker, an error message will pop up prompting that “This device can’t use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.” If you feel confused with this issue, you are in the right place! Here you can learn how to fix BitLocker failed to encrypt C drive in Windows 10. So, just follow the steps below.
- 1. Fix the Issue with Local Group Policy Editor
- 2. Alternative Method–Enable BitLocker to C drive via CMD
1. Fix the Issue with Local Group Policy Editor
Step 1: Press Windows key + R to open a Run box. Then type gpedit.msc and hit Enter.
Step 2: In the left pane, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
Step 3: In the right pane, double-click Require additional authentication at startup policy.
Step 4: On the popup window, select the radio button of Enabled and then check the box of Allow BitLocker without a compatible TPM. Finally, click OK button to save the changes.
2. Alternative Method–Enable BitLocker to C drive via CMD
If you still fail to encrypt the C drive with the built-in BitLocker function in Windows 10 Pro or higher edition, you can try the below alternative method to encrypt the C drive with BitLocker.
Preparation:
- Make sure Require additional authentication at startup is enabled on your computer. You can check the detailed steps in the first part.
- Make sure TPM is enabled. You can run command line: wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:textvaluelist.xsl to have a check.
Step 1: Open Command Prompt on your computer and run it as administrator.
Step 2: Run the command lines: manage-bde –on C: -usedspaceonly -skiphardwaretest -tpmandpin to enable BitLocker encryption for your C drive. Also, set the encryption mode as only encrypt the used space. Besides, you add the trusted TPM and PIN protector to the C drive.
Step 3: Enter the PIN you want to use to protect the drive. After that, confirm it.
Step 4: The BitLocker encryption is attached to the C drive. You can see that Used Space Only encryption is now in progress.
Step 5: Run the command lines to add a recovery key protector to your C drive: manage-bde -protectors -add C: -recoverypassword.
Step 6: The recovery key is added successfully.
Step 7: Run the command line to back up your recovery password: manage-bde -protectors -get c: -id {C5C58F61-7B2C-46F5-87CB-BA20C50A2195} > D:\RecoveryPassword_{C5C58F61-7B2C-46F5-87CB-BA20C50A2195}.txt. You can change the drive D:\ to any other location on your computer.
Step 8: The recovery key is backed up successfully. You can check it in the destination location.
Step 9: Up to now, you have successfully encrypted the C drive with BitLocker. You can restart the computer and then it will ask you to enter the BitLocker PIN to unlock the drive.
That’s all. In the end, the issue that BitLocker Drive Encryption cannot be enabled on the operating system drive has been solved. You can encrypt the C drive with BitLocker in Windows 10.
Tips: If you intend to encrypt a hard drive with BitLocker in the Windows operating system, iSunshare BitLocker Genius for Windows is a trustworthy and user-friendly disk encryption tool that can help you easily encrypt or decrypt a drive with BitLocker. In addition, it allows you to enable BitLocker to encrypt a drive in Windows 11/10 Home edition.
Related Articles: