Hi,
I'm currently deploying Safeguard in our company and I'm having trouble activating BitLocker on machines with a TPM chip.
Since all our PCs (500+) are deployed with secure boot disabled (but TPM on), Safeguard/BitLocker uses the TPM+PIN method to start full disk encryption, but this throws errors after reboot (bitlocker key cannot be obtained from tpm) because the underlying TPM requirements are not met.
This causes the computer (with a TPM chip) to skip BitLocker POA and throw the error, and it keeps asking the user to choose a new BitLocker password (with numbers only) after every user login/reboot. Please note that a numbers-only password does not work either.
Because TPM is on, there is no fallback to password.
So my question is: can I force password usage (so skip TPM/PIN and default to password) with Safeguard/GPO or other settings? Some googling and trying to change some GPO settings/policy settings did not help so far, so I'm reaching out for some help on this :).
The only other option would be to disable TPM manually on all PCs, but this is not a desired solution.
Any help on this is greatly appreciated.