bitlocker win 8.1

Hi,

I'm running Safeguard 7.0 BitLocker on Windows 8.1 x64.

On devices with only legacy BIOS everything is fine and I'm prompted to start encryption.

But on devices with the UEFI option it's not working. The OS is installed on MBR, not GPT, and I'm not prompted to start encryption.

Is there a setting so that I don't have to install on a GPT boot partition?

Carsten Roenne



This thread was automatically locked due to age.
  • There should be an error code which is reported to the backend (you should see an event in the MC) which can be checked to verify what the reason for encryption not starting is.

    Without knowing what the error code is, some common reasons for BitLocker not starting are:

    • A bootable CD is in the drive (must be ejected to start the encryption process)
    • A bootable USB stick attached (must be ejected to start the encryption)
    • A GPO is defined which is not supported in combination with BitLocker Management by SGN.
    • The drive is not properly prepared for BitLocker encryption (can be done using the BitLocker Drive Preparation tool BdeHdCfg.exe)
    • TPM is not activated (but defined as protector)
    • An unsupported algorithm is applied on the client (e.g. AES-XTS on Windows 10 version 1511).

    Only the following BitLocker group policies (GPOs) should be configured if BitLocker is managed by SGN:

    • Require additional authentication at startup
    • Allow BitLocker without a compatible TPM
    • Enable use of BitLocker authentication requiring preboot keyboard input on slates
    • Configure minimum PIN length for startup
    • Turn on TPM backup to Active Directory Domain Services

    What to do

    Ensure that no BitLocker group policy settings are configured that interfere with the settings defined in the SafeGuard policies. Otherwise they might be overruled by SafeGuard policies or even lead to conflicts with the SafeGuard BitLocker management.

    Example: Activating the group policy setting "Do not enable BitLocker until recovery information is stored to AD for operating system drives" leads to encryption failing to start if you are using SafeGuard BitLocker Challenge/Response.
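
The GPO check described in the answer above, as an added example that is not part of the original post or of SafeGuard: it lists BitLocker and TPM policy values on a client that fall outside the five supported settings. The registry value names are assumptions taken from the standard Windows policy templates for those settings; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): find BitLocker GPO values outside the supported set.
# Assumption: these are the value names the Windows policy templates write for the
# five settings listed in the answer.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$tpmKey = 'HKLM:\SOFTWARE\Policies\Microsoft\TPM'

$allowedFve = @(
    # Require additional authentication at startup / Allow BitLocker without a compatible TPM
    'UseAdvancedStartup', 'EnableBDEWithNoTPM', 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN',
    # Enable use of BitLocker authentication requiring preboot keyboard input on slates
    'OSEnablePrebootInputProtectorsOnSlates',
    # Configure minimum PIN length for startup
    'MinimumPIN'
)
# Turn on TPM backup to Active Directory Domain Services
$allowedTpm = @('ActiveDirectoryBackup', 'RequireActiveDirectoryBackup')

function Get-PolicyValues {
    param([string]$Path)
    # An absent key means no policy of that family is configured: emit nothing.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $item = Get-Item -LiteralPath $Path
    foreach ($name in $item.GetValueNames()) {
        if ($name -ne '') {
            [pscustomobject]@{ Key = $Path; Name = $name; Value = $item.GetValue($name) }
        }
    }
}

$unexpected = @(
    Get-PolicyValues $fveKey | Where-Object { $allowedFve -notcontains $_.Name }
    Get-PolicyValues $tpmKey | Where-Object { $allowedTpm -notcontains $_.Name }
)

if ($unexpected.Count -eq 0) {
    'No BitLocker/TPM policy values outside the supported set.'
} else {
    'Policy values to review against the SafeGuard policy:'
    $unexpected | Format-Table -AutoSize
}

# The conflict named in the answer: "Do not enable BitLocker until recovery
# information is stored to AD for operating system drives".
$blocker = $unexpected | Where-Object { $_.Name -eq 'OSRequireActiveDirectoryBackup' -and $_.Value -eq 1 }
if ($blocker) { 'OSRequireActiveDirectoryBackup = 1: conflicts with Challenge/Response.' }

# "TPM is not activated (but defined as protector)": show the TPM state as well.
Get-Tpm | Select-Object TpmPresent, TpmReady
```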

  • Hello Everyone,

    Where can I enable "Turn on TPM backup to Active Directory Domain Services"?

    Thanks

  • It's a group policy object, so whoever manages AD in your enterprise should be able to sort it for you.

    Some of these GPOs have changed though in the last few years, dependent on what templates you've imported/Server OS.
