Group Policy Conflict When Turning On Bitlocker if it's Previously Been Used
I turned on Bitlocker in my Win7 x64 several months ago and used it flawlessly. I had configured it to use TPM+PIN and everything worked perfectly. The only group policy change I made myself was to set "Require additional authentication at startup" to "Require startup PIN with TPM".

Then about a month ago I was told my organization was switching to another enterprise encryption product, so in preparation for the switch I went to Control Panel - Bitlocker Drive Encryption and clicked Turn Off Bitlocker. Bitlocker decrypted the drive and everything worked perfectly.

But now here comes my problem. It turns out that the enterprise encryption product my organization is switching to doesn't yet have an x64-compatible client. This means I need to go *back* to Bitlocker, so I went back to Control Panel - Bitlocker Drive Encryption and clicked Turn On Bitlocker (for the C: drive). Almost instantly, on the Starting Bitlocker dialog, I get the error: "The Group Policy settings for BitLocker startup options are in conflict and cannot be applied. Contact your system administrator for more information."

I cannot for the life of me figure out which group policies are conflicting. I changed "Require additional authentication at startup" to "Not Configured", but it didn't make any difference. I have verified that *every* policy under the Bitlocker Drive Encryption folder is set to "Not Configured". I even tried setting both of these under Computer Configuration - Administrative Templates - System - Power Management - Sleep Settings to Disabled, because I'd read somewhere those could cause conflicts:

    Allow Standby States (S1-S3) When Sleeping (Plugged In)
    Allow Standby States (S1-S3) When Sleeping (On Battery)

It didn't make any difference.

Just as an FYI, manage-bde -status currently shows:

    Disk volumes that can be protected with
    BitLocker Drive Encryption:
    Volume C: [] [OS Volume]
        Size:                 465.66 GB
        BitLocker Version:    None
        Conversion Status:    Fully Decrypted
        Percentage Encrypted: 0%
        Encryption Method:    None
        Protection Status:    Protection Off
        Lock Status:          Unlocked
        Identification Field: None
        Key Protectors:       None Found

Any help would be greatly appreciated. Thanks-
August 18th, 2010 4:46pm

Hi, Thanks for the post!

Please run cmd, input "gpresult -v > D:\gpresult.txt", then find this file on the D: drive and compare the group policies with the list here: http://windows.microsoft.com/en-US/windows7/What-Group-Policy-settings-are-used-with-BitLocker. Then you can find which group policy has been changed and change it back.

Hope it helps!

Regards,
Miya Yao

This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 20th, 2010 11:59am
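A quicker way to do the comparison Miya Yao suggests, without reading through the whole gpresult dump, is to look directly at the registry key that BitLocker group policy writes to. The script below is an added example, not code from the thread or from Microsoft. It assumes the value names that the "Require additional authentication at startup" policy stores under HKLM\SOFTWARE\Policies\Microsoft\FVE (UseAdvancedStartup, EnableBDEWithNoTPM, UseTPM, UseTPMPIN, UseTPMKey, UseTPMKeyPIN) and the usual encoding 0 = Do not allow, 1 = Require, 2 = Allow; the rule at the end that treats more than one startup method set to "Require" as a conflict is my assumption, not something the thread confirms. It is read-only and changes nothing.

```powershell
# Added example (not from the thread): list every BitLocker policy value currently
# applied on this machine and decode the startup-authentication ones.
# Run from an elevated PowerShell prompt. Read-only.

$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

# Assumption: value names written by "Require additional authentication at startup".
$methodValues = 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'

if (-not (Test-Path $fvePath)) {
    Write-Host "No key at $fvePath - no BitLocker policy is currently applied (all Not Configured)."
    return
}

$key = Get-ItemProperty -Path $fvePath

Write-Host "Values present under $fvePath"
Write-Host "(a policy set to Not Configured leaves no value here; anything listed is still applied):"
$key.PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |
    ForEach-Object { '  {0,-24} {1}' -f $_.Name, $_.Value }

Write-Host "`nStartup authentication policy:"
$adv = $key.UseAdvancedStartup
if ($null -eq $adv) {
    Write-Host '  "Require additional authentication at startup" is Not Configured.'
} else {
    $state = if ([int]$adv -eq 1) { 'Enabled' } else { 'Disabled' }
    Write-Host ('  {0,-24} {1}' -f 'UseAdvancedStartup', $state)
    $noTpm = $key.EnableBDEWithNoTPM
    if ($null -ne $noTpm) {
        Write-Host ('  {0,-24} {1}' -f 'EnableBDEWithNoTPM', $(if ([int]$noTpm -eq 1) { 'checked' } else { 'unchecked' }))
    }
}

$required = @()
foreach ($name in $methodValues) {
    $v = $key.$name
    if ($null -eq $v) { Write-Host ('  {0,-24} (not set)' -f $name); continue }
    $label = if ($meaning.ContainsKey([int]$v)) { $meaning[[int]$v] } else { "unknown ($v)" }
    Write-Host ('  {0,-24} {1}' -f $name, $label)
    if ([int]$v -eq 1) { $required += $name }
}

# Assumption: a single OS volume cannot satisfy more than one "Require" at once,
# so several methods set to 1 is the first thing to look at when the
# "startup options are in conflict" error appears.
if ($required.Count -gt 1) {
    Write-Warning ('Conflict candidate: more than one startup method is set to Require: ' +
                   ($required -join ', '))
} elseif ($null -ne $adv -and [int]$adv -eq 1 -and $required.Count -eq 0 -and
          @($methodValues | Where-Object { $null -ne $key.$_ -and [int]$key.$_ -eq 0 }).Count -eq $methodValues.Count) {
    Write-Warning 'Conflict candidate: advanced startup is enabled but every startup method is set to Do not allow.'
} else {
    Write-Host "`nNo obvious conflict in the startup values; check the remaining values listed above against the BitLocker policy list."
}
```

If a value is listed here while every BitLocker policy in the local gpedit.msc shows Not Configured, the local editor is not where it came from: the gpresult -v output from the post above names the GPO that delivered it.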

I have a similar problem. No answers from MSFT, only run-of-the-mill responses from support that have been worthless and full of product arrogance. Try this:

    manage-bde.exe -protectors -delete c: -type tpm

It should rid you of the group policy errors. Then you can re-add the TPM + PIN.
August 20th, 2010 8:56pm

Thanks for the reply, but all the settings listed in that link are set to their default value. Is it possible one actually should not be set to the default (Not Configured)? Thanks-
August 24th, 2010 6:26am

Thanks for the info, but I actually have already deleted all the protectors. In my first post I included the output from manage-bde -status and it shows Key Protectors = None (so there's nothing to delete). Any other ideas? This is driving me nuts. :( Thanks-
August 24th, 2010 6:28am

OK, maybe I spoke too soon. Deleting the TPM protector did return an error saying no protectors were found, but after I (prematurely) replied I went ahead and tried to restart Bitlocker anyway, and to my surprise it fired up and let me start encrypting the drive! So maybe it reset something even though it didn't delete the TPM protector? At this point I don't even care; I'm just glad it's working again. :) Thank you very much-
August 24th, 2010 4:45pm

Hey kenneth_scott, do you mind me asking what GPO settings you have for Bitlocker that got you working with TPM+PIN? Because I am having the exact same error come up in my log when I try to enable Bitlocker TPM+PIN using the EnableBitLocker.vbs I got from MS TechNet. I tried the command LongShort mentioned earlier in this thread, restarted my machine and still no dice. Thanks.
January 25th, 2011 6:57pm

I wanted to add the command I am running from a command prompt as administrator:

    Cscript EnableBitLocker.vbs /on:tp /l:c:\windows\options\sms\enablebitlocker.log /rk /promptuser /sms
January 25th, 2011 7:17pm
