I am trying to deploy a script post-install as part of my Windows 11 Master Image. Basically it checks if BitLocker has been enabled. If not, it will enable BitLocker FVE using a default startup PIN.
First I will need to enable BitLocker Pre-Boot PIN using this reg file unless I am mistaken:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000000
"UseTPM"=dword:00000001
"UseTPMPIN"=dword:00000001
"UseTPMKey"=dword:00000000
"UseTPMKeyPIN"=dword:00000000
"OSAllowSecureBootForIntegrity"=dword:00000001
Then I run the script that first enables BitLocker FVE with my default startup PIN and then checks for the encryption percentage. If the encryption percentage has reached 100%, then it will proceed to add my 3 self-made applications to the RunOnce keys so they will be launched upon the next boot.
The problem I am facing is when I run my script, it throws the EM:
"Set-BitLockerVolumeInternal: BitLocker startup settings group policy settings are conflicting and cannot be applied. For more information, contact your system administrator. (Exception HRESULT: 0x8031005B)," indicates that there are conflicting BitLocker group policy settings that prevent the BitLocker cmdlet from applying its configuration. This can occur when there are conflicting policies in your system's group policy settings.
So if I am interpreting this correctly, the issue is that my reg file doesn't enable Advanced Startup (i.e. Pre-Boot PIN required/demanded).
Windows Build/Version: 11 Pro
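For the startup-authentication policy, each of the `UseTPM`, `UseTPMPIN`, `UseTPMKey` and `UseTPMKeyPIN` values means 0 = do not allow, 1 = require, 2 = allow, and only one of them may be set to require. The following check is an added example, not part of the original post; the function name `Test-FveStartupPolicy` and its output fields are hypothetical, and the sample values are copied from the .reg file above.

```powershell
# Added example: audits the BitLocker OS-drive startup policy for the
# "only one startup option may be required" rule.
# Value meanings: 0 = do not allow, 1 = require, 2 = allow.
function Test-FveStartupPolicy {
    param(
        # Hashtable of value name -> DWORD. When omitted, the live policy key is read.
        [hashtable]$Policy
    )

    $options = 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'

    if ($null -eq $Policy) {
        $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
        $item   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $Policy = @{}
        foreach ($name in @('UseAdvancedStartup') + $options) {
            if ($null -ne $item -and $null -ne $item.$name) {
                $Policy[$name] = $item.$name
            }
        }
    }

    $findings = @()
    if ($Policy['UseAdvancedStartup'] -ne 1) {
        $findings += 'UseAdvancedStartup is not 1, so the startup authentication policy is not enabled.'
    }

    # Collect every option marked "require"; more than one is a policy conflict.
    $required = @($options | Where-Object { $Policy[$_] -eq 1 })
    if ($required.Count -gt 1) {
        $findings += "More than one option is set to 1 (require): $($required -join ', '). " +
                     'Keep the one you need at 1 and set the others to 0.'
    }

    [pscustomobject]@{
        Required = $required
        Conflict = ($required.Count -gt 1)
        Findings = $findings
    }
}

# Sample input: the values from the .reg file in the post.
$fromPost = @{
    UseAdvancedStartup = 1; EnableBDEWithNoTPM = 0
    UseTPM = 1; UseTPMPIN = 1; UseTPMKey = 0; UseTPMKeyPIN = 0
}
Test-FveStartupPolicy -Policy $fromPost | Format-List
```

Run without `-Policy` from an elevated prompt to audit the values actually present on the image.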