I am attempting to use BitLocker to encrypt my system drive, but I receive the following Group Policy error, "The Group Policy settings for BitLocker startup options are in conflict and cannot be applied. Contact system administrator for more information." Why does this error occur, and how can I solve it?
Rest assured: this error can be solved easily by modifying the settings in Group Policy Editor or Registry Editor. Read on to understand why it happens and how to fix it.
If you updated the BitLocker Group Policy settings before enabling BitLocker encryption, you may run into this BitLocker error: "The Group Policy settings for BitLocker startup options are in conflict and cannot be applied". A wrong configuration results in a conflict between the BitLocker Group Policy settings and the BitLocker settings in Registry Editor.
Take one user's experience as an example. To fix a BitLocker TPM error, he first set "Require additional authentication at startup" to "Enabled", and then ticked "Allow BitLocker without TPM" in Group Policy Editor, as the tutorial described.
But he wrongly selected "Require TPM" in the "Configure TPM startup" option. Then, when he was about to enable BitLocker encryption for the system drive, this error appeared.
When modifying the Group Policy settings of BitLocker, you can’t require one form and allow the others. You can use the following settings to avoid conflicts.
Before you start, open the BitLocker Drive Encryption settings in Group Policy Editor:
Step 1 Type gpedit.msc in the search box, and press Enter.
Step 2 Navigate to the following path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drive
Step 3 Double-click "Require additional authentication at startup".
Steps Select the "Not Configured" radio option. Click "Apply" and "OK" to save the updates.
Step 1 Select the "Enabled" radio button to enable BitLocker startup authentication.
Step 2 Set the "Configure TPM startup PIN" option to "Require startup PIN with TPM", set the other three options to "Do not allow", and then apply the setting. Swapping the TPM startup PIN for another option is also feasible. You can pick the one you need and disable the others.
Step 1 Select the "Enabled" option to enable BitLocker startup authentication.
Step 2 Set all four options to "Allow", and apply this setting.
Notes: You only need to choose the one of these three methods that meets your needs. For the modification to take effect, remember to restart your system.
Step 1 Press Win + R to open the Run dialog. Type "regedit" in it and press Enter.
Step 2 Go to the following path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
Step 3 Check the REG_DWORD values and change them to be consistent with the Group Policy BitLocker settings.
Be careful when updating or deleting REG_DWORD values in Registry Editor, as mistakes may cause system stability problems.
There are many possible reasons for this error. Before you start, type "Manage BitLocker" in the search box to check whether you can access the BitLocker Drive Encryption panel.
Sure, Windows allows us to encrypt the operating system drive on devices without TPM support. To configure this, we need to edit the related group policy.
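To compare the registry with the rule above (one option required means the others must be "Do not allow"), the following read-only PowerShell check is an added example, not part of the original article. It uses the FVE policy value names UseAdvancedStartup, UseTPM, UseTPMPIN, UseTPMKey and UseTPMKeyPIN with the data 0 = Do not allow, 1 = Require, 2 = Allow; the function names and the sample data are constructed for illustration.

```powershell
# Added example: audit the BitLocker startup options for conflicts (read-only).
# Value data: 0 = Do not allow, 1 = Require, 2 = Allow.
$FvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$StartupOptions = [ordered]@{
    UseTPM       = 'Configure TPM startup'
    UseTPMPIN    = 'Configure TPM startup PIN'
    UseTPMKey    = 'Configure TPM startup key'
    UseTPMKeyPIN = 'Configure TPM startup key and PIN'
}
$StateName = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

function Get-FvePolicy {
    # Copy the relevant DWORDs into a hashtable; absent values are skipped.
    $policy = @{}
    $key = Get-ItemProperty -Path $FvePath -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in @('UseAdvancedStartup') + @($StartupOptions.Keys)) {
            if ($null -ne $key.$name) { $policy[$name] = [int]$key.$name }
        }
    }
    return $policy
}

function Test-BitLockerStartupPolicy {
    param([hashtable]$Policy)
    if ($Policy['UseAdvancedStartup'] -ne 1) {
        return 'OK: the startup authentication policy is not enabled, so its four options are not enforced.'
    }
    # For every option set to Require, every other option must be Do not allow.
    $findings = foreach ($req in $StartupOptions.Keys | Where-Object { $Policy[$_] -eq 1 }) {
        foreach ($other in $StartupOptions.Keys) {
            if ($other -ne $req -and $Policy.ContainsKey($other) -and $Policy[$other] -ne 0) {
                $state = $StateName[[int]$Policy[$other]]
                $msg = 'CONFLICT: "{0}" is Require, but "{1}" is {2}; set it to Do not allow.'
                $msg -f $StartupOptions[$req], $StartupOptions[$other], $state
            }
        }
    }
    if ($findings) { return $findings }
    return 'OK: no option is required while another is still allowed.'
}

# Constructed sample mirroring the misconfiguration in the user's example above.
$sample = @{ UseAdvancedStartup = 1; UseTPM = 1; UseTPMPIN = 2; UseTPMKey = 2; UseTPMKeyPIN = 2 }
Test-BitLockerStartupPolicy -Policy $sample

# Live check of the local machine's policy values.
Test-BitLockerStartupPolicy -Policy (Get-FvePolicy)
```

Run it from an elevated PowerShell prompt after changing the policy; it only reads the key and never writes to it.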
BitLocker encryption requires the drive to be unlocked before accessing any data stored on it. The primary reason you can't open software on a BitLocker-encrypted drive is that the drive hasn't been unlocked yet.
Microsoft says this 65000 BitLocker error is being incorrectly reported by Intune, and it won’t affect the normal operation of BitLocker encryption.