BitLocker script isn't working on Windows 11


CSharpDev

I am trying to deploy a script post-install as part of my Windows 11 Master Image. Basically it checks if BitLocker has been enabled. If not, it will enable BitLocker FVE using a default startup PIN.

First I will need to enable BitLocker Pre-Boot PIN using this reg file unless I am mistaken:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000000
"UseTPM"=dword:00000001
"UseTPMPIN"=dword:00000001
"UseTPMKey"=dword:00000000
"UseTPMKeyPIN"=dword:00000000
"OSAllowSecureBootForIntegrity"=dword:00000001

Then I run the script that first enables BitLocker FVE with my default startup PIN and then checks for the encryption percentage. If the encryption percentage has reached 100%, then it will proceed to add my 3 self-made applications to the RunOnce keys so they will be launched upon the next boot.
The problem I am facing is when I run my script, it throws the EM:

"Set-BitLockerVolumeInternal: BitLocker startup settings group policy settings are conflicting and cannot be applied. For more information, contact your system administrator. (Exception HRESULT: 0x8031005B)," indicates that there are conflicting BitLocker group policy settings that prevent the BitLocker cmdlet from applying its configuration. This can occur when there are conflicting policies in your system's group policy settings.
So if I am interpreting this correctly, the issue is that my reg file doesn't enable Advanced Startup (i.e. Pre-Boot PIN required/demanded).
 
Windows Build/Version
11 Pro

Yes, well, perhaps the line "UseTPM=dword:00000001" is for use without TPM module. Windows 11 has stricter TPM requirements, so use "UseTPM=dword:00000002".

See Option 2, Step 2 of this Forum tutorial for a more up-to-date reg file:

If you compare that reg file with yours, you can easily see the differences.
 

Nope, didn't work.
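
An added example (not from the thread or its posters): a PowerShell pre-check for the conflict that HRESULT 0x8031005B reports, run before the BitLocker cmdlet. It assumes Microsoft's documented rule for the "Require additional authentication at startup" policy, that when one startup method is required (1) the others must be disallowed (0) rather than required or allowed (2); `Test-FveStartupPolicy` is a hypothetical helper name.

```powershell
# Added example: inspects the startup-authentication values under
# HKLM\SOFTWARE\Policies\Microsoft\FVE for combinations the policy rejects.
# Value meaning assumed from Microsoft's policy documentation:
#   0 = do not allow, 1 = require, 2 = allow.
function Test-FveStartupPolicy {
    param(
        # Policy values as a hashtable; when omitted, the live registry key is read.
        [hashtable]$Policy
    )
    $methods = 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'
    if ($null -eq $Policy) {
        $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $Policy = @{}
        foreach ($name in ($methods + 'UseAdvancedStartup')) {
            if ($item -and $null -ne $item.$name) { $Policy[$name] = $item.$name }
        }
    }
    $problems = @()
    if ($Policy['UseAdvancedStartup'] -ne 1) {
        $problems += 'UseAdvancedStartup is not 1, so the startup policy is not enabled.'
    }
    $required = @($methods | Where-Object { $Policy[$_] -eq 1 })
    $allowed  = @($methods | Where-Object { $Policy[$_] -eq 2 })
    if ($required.Count -gt 1) {
        $problems += "More than one method is required: $($required -join ', ')."
    }
    if ($required.Count -ge 1 -and $allowed.Count -ge 1) {
        $problems += "Required ($($required -join ', ')) is combined with allowed ($($allowed -join ', '))."
    }
    if (($required.Count + $allowed.Count) -eq 0) {
        $problems += 'Every TPM startup method is disallowed.'
    }
    return $problems
}

# Values taken from the .reg file in the first post, retyped here as a hashtable.
$fromPost = @{ UseAdvancedStartup = 1; UseTPM = 1; UseTPMPIN = 1; UseTPMKey = 0; UseTPMKeyPIN = 0 }
Test-FveStartupPolicy -Policy $fromPost   # lists the findings for that layout

# Constructed comparison: TPM+PIN required, every other method disallowed.
$pinOnly = @{ UseAdvancedStartup = 1; UseTPM = 0; UseTPMPIN = 1; UseTPMKey = 0; UseTPMKeyPIN = 0 }
if (-not (Test-FveStartupPolicy -Policy $pinOnly)) { 'No conflict found in the PIN-only layout.' }
```

Calling `Test-FveStartupPolicy` with no argument on the imaged machine reads the live key, which also shows whether domain Group Policy has overwritten the imported values.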
 
