deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #8761 from illfated/patch-1

Browse Source 
MarkDown syntax highlighting, whitespace cleanup
This commit is contained in:
Denise Vangel-MSFT
2020-12-09 10:10:10 -08:00
committed by GitHub
parent d768b929fe 95910d97fd
commit f44ad173b8
1 changed files with 11 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md
View File

@ -16,7 +16,6 @@ ms.date: 10/18/2019
ms.custom: bitlocker ms.custom: bitlocker
--- ---
# BitLocker cannot encrypt a drive: known TPM issues # BitLocker cannot encrypt a drive: known TPM issues
This article describes common issues that affect the Trusted Platform Module (TPM) and that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues. This article describes common issues that affect the Trusted Platform Module (TPM) and that may prevent BitLocker from encrypting a drive. This article also provides guidance to address these issues.
@ -38,7 +37,7 @@ To resolve this issue, follow these steps:
1. Open an elevated PowerShell window and run the following script: 1. Open an elevated PowerShell window and run the following script:
```ps ```powershell
$Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm" $Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm"
$ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus $ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus
if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)} if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)}
@ -90,7 +89,7 @@ To verify that you have correctly identified this issue, use one of the followin
1. To review the TPM information for the affected computer, open an elevated Windows PowerShell window and run the following command: 1. To review the TPM information for the affected computer, open an elevated Windows PowerShell window and run the following command:
```ps ```powershell
Get-ADComputer -Filter {Name -like "ComputerName"} -Property * | Format-Table name,msTPM-TPMInformationForComputer Get-ADComputer -Filter {Name -like "ComputerName"} -Property * | Format-Table name,msTPM-TPMInformationForComputer
``` ```
@ -117,11 +116,11 @@ The domain and forest functional level of the environment may still be set to Wi
To resolve this issue, follow these steps: To resolve this issue, follow these steps:
1. Upgrade the functional level of the domain and forest to Windows Server 2012 R2. 1. Upgrade the functional level of the domain and forest to Windows Server 2012 R2.
1. Download [Add-TPMSelfWriteACE.vbs](https://go.microsoft.com/fwlink/p/?LinkId=167133). 2. Download [Add-TPMSelfWriteACE.vbs](https://go.microsoft.com/fwlink/p/?LinkId=167133).
1. In the script, modify the value of **strPathToDomain** to your domain name. 3. In the script, modify the value of **strPathToDomain** to your domain name.
1. Open an elevated PowerShell window, and run the following command: 4. Open an elevated PowerShell window, and run the following command:
```ps ```powershell
cscript <Path>Add-TPMSelfWriteACE.vbs cscript <Path>Add-TPMSelfWriteACE.vbs
``` ```