I recently cloned my drive to an SSD, but am having problems enabling BitLocker. After the clone, I made sure to get diskpart info and use bcdedit to set the volumes for the new configuration like others have used on the forums, seen below.
I used Acronis TrueImage 2020 to do the image. This is an HP EliteDesk 800 G1 running Windows 10. I ran sfc /scannow before posting this. It did find violations, but nothing was solved after they were fixed.
According to this KB article _encrypted5 , the disk needs to be not encrypted so that the clone operation proceeds without any limitations - was this requirement met? Also, can you submit a ticket to our Support team and let me know its number so that I can discuss it internally?
I have a few Windows VMware virtual machines which have BitLocker enabled for all drives. These machines are backed up using "VMWare" policy type. When I try to perform a file level restore, it does not seem to work. All these servers are Windows 2019 and 2022 servers. The drives are encrypted and unlocked. The "Enable file recovery from VM backup" option is enabled in the backup policy. I get a message saying "There are no files matching the specified criteria".
BitLocker shouldn't make a difference for the restore as that should be transparent to NetBackup. I assume that you have a NetBackup client installed in the VM you are testing - as the client is required to perform a single file restore (in general - there are methods to recover without the client installed which are described in the VMware guide).
Given the error you describe, I suspect you may be choosing the wrong backup type in the restore GUI. The type needs to be selected as VMware (and not Windows). Try that, then make sure that the date range you search covers the backup.
Anyway, for the main question in this topic, I think as @davidmoline mentioned it is stuck at first step (browse of backups) so you need to put the right type of the policy and the right name of the VM.
And of course if the VM doesn't have nbu client, you should use WebUI to perform agentless restore but there are few prerequisites that are needed (built-in administrator account) + .sja files added to the master using nbrepo -a command. Please read guides regarding this.
The technote mentioned relates to using a NetBackup agent on the (whether physical or virtual is irrelevant) and the files should be captured without issue. The backup though would then need to be MS-Windows.
If granular recovery is critical (as well as machine recovery) you could set up two policies - one to capture the machine state using VMware policy type and a second to capture the file system/drives you require using MS-Windows policy type. The latter policy could just target the area you need to be able to recover files, and the VMware policy could potentially be set up to just capture the OS drives (in the advanced VMware configuration settings).
The cause of my issue seems straightforward: I enabled BitLocker on a MacBook Pro, early 2015 model which out-of-the-factory is only available with an Intel processor. That having been said - and someone, anyone can correct me if or when I'm wrong? - BitLocker could not be implemented through the TPM, presumably because my Windows OS operates as the slave volume and alterations with the TPM are impossible given File Vault is installed on the MacOS partition. Or, alternately, neither of the partitions interact, beyond the Bootcamp Assistant.
I am unaware of whether or not the TPM comes factory installed on a MacBook Intel processor though, of course, the inverse is true for most modern if not all factory-shipped Windows machines. I am mentioning the TPM assuming that it's somehow involved with my inability to push updates - though this could be irrelevant. Just a shot in the dark.
Either way, since installing BitLocker, if either by coincidence or cause, I have been unable to install the next available Windows update; I believe it's stuck back on a failed execution step in the process of an attempted upgrade to 20H2. I doubt the update version is relevant though. I have attempted the update using PowerShell, thinking it will offer a surefire method given it operates with more elevated privilege or system control, but PowerShell failed on the update as well. I have also attempted the update in Safe Mode, which also fails.
If logs are needed for proper analysis and a consequent solution, please advise which output is needed from the given log or logs and I will post it accordingly. I have little-to-no interest in removing BitLocker before an additional upgrade attempt. For that reason, any advice involving that step may not be the best here unless it's the one-and-only solution.
I found the solution to this however random. I did a few things though I can't remember in what chronological order. For one, I corrupted my Windows partition on Bootcamp by running a script off of GitHub which claimed to offer a better alternative to the third-party driver: Trackpad++. I nearly had to reinstall Windows but I did the obvious thing, given it was almost impossible to reinstall the Mac drivers for Windows, and used a wired mouse to navigate the OS.
So, with corded mouse in hand, as the trackpad wouldn't work at all - given the MacBook driver was shot - I simply reinstalled Trackpad++ but deleted the part of the program which runs the native control panel: essentially bloatware trying to get me to pay for stuff I don't need. I also ran - either before or after - the sfc /scannow command on the command prompt.
I got curious as to whether or not the scan could have or would have fixed the update issue with failed patches. Oh, yes, and I may have run the DISM command syntax with the "RestoreHealth" switch. I also booted Windows into safe mode, which is tricky on Bootcamp. If anyone wants to know how to do that, I'll explain. Long story short, one of those steps fixed it or a combination of more than one did the trick.
The moral of the story? Windows on Bootcamp can be successfully updated when BitLocker is installed. The OS gets buggy and the drivers don't like it, along with the encryption, but it can be done if the end user implements enough creative tech savvy in the process.
All things considered, I think this topic can be closed and whoever is moderating this topic can do so if desired. Any comments before this close-out are more than welcome. I'm eager to hear a theoretical explanation of why or how any of these steps worked.
This may be a silly question, but I can't seem to get BitLocker to work on my test Win365 VM. My Intune policy fails to apply and I'm unable to turn on BitLocker manually. No error messages, it just says access denied when trying to enable manually. Device encryption status reflects no profile assigned but when I check the device assignment status on the profile it reflects that the assignment status was successful.
Hello,
I've read through all the material I can. I am struggling to understand what is supposed to happen when you have BitLocker settings enabled for the system drive.
Here is our situation. We are not joining the computers to a domain and users do not have a Microsoft account. When they log into Windows GCPW gives them a standard user account. On my two test machines despite having the settings enabled nothing happens regarding BitLocker. Coming from a domain environment I am already fairly familiar with BitLocker so I assume this is because there is nowhere to store the recovery key and likely because they are not an administrative user.
Should we just be enabling BitLocker using the local admin account before distributing the computer?
Will it report in the admin console correctly if it is done this way?
What is everyone else doing in regards to BitLocker?
If you are not seeing this, can you verify that the device is successfully enrolled with advanced Windows management? You can check if device is enrolled from the settings app. You can also create logs and look at BitLocker value. -us/windows/client-management/mdm-collect-logs
Would it prompt them if they are a standard user? Standard users normally can't enable BitLocker. I have an open ticket with support and am waiting to see what they say. In the meantime I added a second test computer, same behavior. Nothing happens; all other policies seem to be working.
Ah that could be the problem. Just looking into Microsoft's documentation, there seem to be new settings enabled in the OS that can make this possible. Can you use Custom settings section of Admin console to enable these settings in addition to the BitLocker settings?
I don't mind turning BitLocker on with the local administrator account. However, on my test machine when I enable BitLocker with the local administrator account, the admin console still reports that the device is unencrypted.
From what I can tell, if you enable BitLocker before enrolling the device to a user the admin portal will never correctly report the device as encrypted. This creates a catch-22. You have to enroll the device before the user gets it to enable BitLocker.
The policies you listed state that they are only for Azure Active Directory Joined devices.
The local Admin account, which is censused in the Admin console in the GCPW settings, has to enable BitLocker manually and save the recovery key elsewhere.
The key can't be stored on the same drive, but a GDrive-enabled folder (Google Drive for Desktop) does the trick.
I am setting up a brand new machine with the above drive and have installed a discrete TPM 2.0 header on the motherboard to allow me to use hardware encryption with BitLocker. Windows 10 Pro x64 1903 is in use.
I installed Windows and Samsung Magician 6.0 and switched on drive encryption within the Encrypted Drive part of the tool. It shows "Ready to Enable" as a status. I create the Secure Erase tool, but the tool cannot find the drive. Going back into Windows I updated the drive's firmware to 2B2QEXM7. I reboot and run Secure Erase. The drive is successfully detected and the tool reports that it completed successfully. On rebooting the computer cannot detect bootable media, indicating success.