I get the error in the title when trying to activate BitLocker on my non-domain-joined, Windows 11 Pro workstation (fully patched). I've researched the issue and most threads suggest changing Group Policy; however, both "Store BitLocker Recovery to Active Directory Domain Services" and "Configure use of Passwords for Removable Data Drives" policies are disabled. The workstation should meet BitLocker system requirements and has TPM 2.0. It should be noted that the system has been hardened, but I don't see any other policies in BitLocker Drive Encryption that would cause it to reach out to a domain controller. Any help would be greatly appreciated.
Edit: Changing the "Choose how BitLocker-protected operating system drives can be recovered" policy fixed the initial issue. It was trying to store BitLocker recovery info to an AD. However, now the error message reads "There are conflicting settings for recovery options...When a recovery password is required backup to active directory should be turned on or the user should be required to save the recovery password." I assume this is a specific policy that needs disabling or enabling.
- Windows Build/Version
- Windows 11 Pro