Fix This device can’t use a Trusted Platform Module

BitLocker encrypts the drives of a Windows computer to prevent unauthorized access to the data on them. Sometimes, however, it causes problems of its own. Many users have reported the following error while trying to enable BitLocker:

THIS DEVICE CANNOT USE THE TRUSTED PLATFORM MODULE. YOUR ADMINISTRATOR MUST SET THE “ALLOW BITLOCKER WITHOUT COMPATIBLE TPM” OPTION IN THE “REQUIRE ADDITIONAL AUTHENTICATION AT STARTUP” POLICY FOR OPERATING SYSTEM DRIVES.

If you are facing the same error while enabling BitLocker and are looking for a way to fix it, here are some tips for enabling BitLocker without a compatible TPM.

Before troubleshooting, let’s first understand what the Trusted Platform Module (TPM) error actually means and what the administrator policy is.

What is Trusted Platform Module (TPM)?

It’s basically a chip on newer processors that has extra security features. When BitLocker uses TPM, it stores the encryption key on the chip itself. If you don’t have a chip that supports TPM, you can still use BitLocker, but you’ll have to store the encryption key on a USB stick.

Administrator policy

So what is all that about choosing a policy for operating system drives? It is a Group Policy setting that must be changed before BitLocker will work without a TPM. With Group Policy, you can turn on Allow BitLocker without a compatible TPM (requires a password or boot key on a USB flash drive) to enable BitLocker on a machine without a TPM chip. Let’s see how to do this in Group Policy.

Note: BitLocker is only available on Windows Pro versions, and the same is true of this Group Policy setting. The Group Policy feature is not available on Windows Home and beginner versions.

If we pay close attention, this error is more of a statement. However, for a better understanding, we need to know the meaning of the terms used in the error message.

  1. Trusted Platform Module: The TPM is a chip commonly found in newer systems. It stores the BitLocker key. If the system does not have one, the key can be stored on a USB drive.
  2. Administrator Policy: This is the Group Policy set by the management server system. What’s interesting about the bug, however, is that it’s reported on general user systems and not company-managed systems.

Here are two suggestions that might help you.

1] Enable BitLocker without TPM

Now that we understand the error, the fix is exactly what the message says.

Press Win + R to open the Run window, type gpedit.msc and press Enter to open the Group Policy Editor.

Expand the folders in the following order: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

On the right side of the window, find the option “Require additional authentication at startup” in the list of options. Double-click it to open its settings window.

The setting is set to Not Configured by default. Change it to Enabled.

When you select the Enabled radio button, the option Allow BitLocker without compatible TPM is checked automatically. If it is not, check the box before continuing.

Click Apply and then OK to save the settings.

Now open Control Panel and click the option to Enable BitLocker. This requires administrator access.

See if it helped.

2] Clear TPM

If you still want to use the TPM and are sure that your system has the device as part of its hardware, you can try clearing the TPM. The procedure is as follows:

Clearing the TPM may affect the data on the system, so please back up your data before continuing with this step.

Press Win + R to open the Run window. Then type the command tpm.msc and press Enter. It will open the TPM window.

Under Actions click on Clear TPM and reboot the system.

If TPM is OFF, you will find an option to Initiate TPM under the Actions tab. Click that option and reboot the system.

If the TPM has never been initialized, the TPM setup wizard prompts the Enable TPM Secure Hardware Dialog. Follow the steps in the Wizard and once the TPM is set up, please reboot the system.
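
Before clearing, it helps to know whether Windows can see the TPM at all and whether any encrypted volume depends on it, because a volume unlocked by a TPM protector falls back to its recovery key once the TPM is cleared. The read-only check below is an added example, not part of the original article; it uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets from an elevated PowerShell session, and the function name Get-TpmDependentVolume is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only pre-check before using "Clear TPM" in tpm.msc.

function Get-TpmDependentVolume {              # hypothetical helper name
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types that rely on the TPM all start with "Tpm" (Tpm, TpmPin, ...).
        $tpmProtectors = @($vol.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })
        if ($tpmProtectors.Count -eq 0) { continue }

        $recovery = @($vol.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            Protection          = "$($vol.ProtectionStatus)"
            TpmProtectors       = ($tpmProtectors.KeyProtectorType -join ', ')
            HasRecoveryPassword = ($recovery.Count -gt 0)
        }
    }
}

$tpm = Get-Tpm
[pscustomobject]@{
    Present = $tpm.TpmPresent
    Enabled = $tpm.TpmEnabled
    Ready   = $tpm.TpmReady
    Owned   = $tpm.TpmOwned
} | Format-List

if (-not $tpm.TpmPresent) {
    'No TPM is visible to Windows. Check the firmware (UEFI/BIOS) settings; there is nothing to clear.'
}
else {
    $dependent = @(Get-TpmDependentVolume)
    if ($dependent.Count -eq 0) {
        'No BitLocker volume uses a TPM protector.'
    }
    else {
        $dependent | Format-Table -AutoSize
        foreach ($d in ($dependent | Where-Object { -not $_.HasRecoveryPassword })) {
            "WARNING: $($d.MountPoint) relies on the TPM and has no recovery password. " +
            'Add one and store it off the machine before clearing the TPM.'
        }
    }
}
```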

Enable BitLocker in Windows 10 without TPM chip

First, open the Local Group Policy Editor to allow BitLocker without a TPM.

  • Press Windows key + R, type gpedit.msc and press Enter.
  • In the Group Policy Editor, navigate to Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives.
  • Double-click Require additional authentication at startup in the main window. Take care to select the right entry, as there is another similar entry for (Windows Server).
  • Now select Enabled in the upper left and check Allow BitLocker without compatible TPM (requires password or boot key on USB flash drive) below.

That’s all. Now click Apply, then OK, and exit the Group Policy Editor.

Update Group Policy for the changes to take effect immediately. To do this, press Win + R, type gpupdate /force and press Enter.

A command prompt window will open while the policy is updated. After the command completes successfully, close the window and click the Turn on button in BitLocker Drive Encryption. This time you will not face any problem or error.
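
To confirm that the Group Policy change from either walkthrough above actually took effect, the check below reads the registry values that the “Require additional authentication at startup” setting writes under the BitLocker (FVE) policy key. It is an added example, not part of the original article; the helper names are hypothetical, and the script only reads.

```powershell
# Added example: read-only check of the "Require additional authentication at startup"
# policy. Group Policy stores this setting under the FVE policy key below.
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$TpmOptions   = 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'

function Get-BitLockerStartupPolicy {          # hypothetical helper name
    param([string]$Path = $FvePolicyKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $out   = [ordered]@{}
    foreach ($name in @('UseAdvancedStartup', 'EnableBDEWithNoTPM') + $TpmOptions) {
        # A missing value means that part of the policy was never written.
        $out[$name] = if ($props -and $null -ne $props.$name) { [int]$props.$name } else { $null }
    }
    [pscustomobject]$out
}

function Get-OptionMeaning {                   # hypothetical helper name
    param($Value)
    $meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }
    if ($null -ne $Value -and $meaning.ContainsKey($Value)) { $meaning[$Value] } else { 'Not set' }
}

$policy = Get-BitLockerStartupPolicy

if ($policy.UseAdvancedStartup -ne 1) {
    'Policy is Not Configured or Disabled: a machine without a compatible TPM will show the error.'
}
elseif ($policy.EnableBDEWithNoTPM -eq 1) {
    'Policy is Enabled and "Allow BitLocker without a compatible TPM" is checked.'
}
else {
    'Policy is Enabled, but the "Allow BitLocker without a compatible TPM" box is not checked.'
}

# The remaining values control the startup options used when a TPM is present.
foreach ($name in $TpmOptions) {
    '{0,-14} {1}' -f $name, (Get-OptionMeaning $policy.$name)
}
```

If the first message still appears after running gpupdate /force, the setting was most likely changed under a different policy entry than the one for Operating System Drives.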

Hopefully, after performing these steps, the “This device can’t use a Trusted Platform Module” error while enabling BitLocker will be fixed. If you have any doubts about anything, please let us know by leaving a comment below. Visit Macwintips.com for more practical and useful tips for Mac and Windows!