Some users complained about this issue that when they access BitLocker on their Windows 11/10 computer, they see a For your security, some settings are managed by your system administrator message on the top part of the BitLocker Drive Encryption window. This message could appear when you configure and use BitLocker Drive Encryption, encrypt or decrypt a drive, etc. Such a message may also be visible when users open Internet Properties and try to customize the security settings. For both situations, we have added some helpful solutions in this post to fix the issue.
For your security, some settings are managed by your system administrator.
For your security, some settings are managed by your system administrator
To fix this some settings are managed by your system administrator issue on your Windows 11/10 computer, you can use the solutions covered below:
- Sign in with an Administrator account
- Turn off BitLocker for a drive
- Remove Work or School account
- Check BitLocker Drive Encryption Group Policy settings
- Configure Security Zones setting using the Group Policy Editor
- Check the Internet Settings Registry entry.
Let’s check all these solutions one by one.
1] Sign in with an Administrator account
If you want to enable encryption or change BitLocker configuration for fixed data drives and/or operating system drives, then your user account must be in the local Administrators group. A standard user account can only be used to configure BitLocker for removable data drives only. And, if a user account is not in that membership and you use that account to access the BitLocker Drive Encryption window, then you may see this error message.
So, if you are signed in with some user account with no administrative privileges, then to fix this issue, you should log in as an administrator on Windows 11/10 system and then try again. You can use the existing administrator account, create a new local administrator account, use a built-in administrator account, or change a standard account to an admin account, and then access the BitLocker Drive Encryption window. It should solve your problem.
2] Turn off BitLocker for a drive
This is one of the effective solutions to get rid of this problem. For me, this message was gone once I turned off BitLocker protection for my operating system drive. So, turn off BitLocker protection for a drive (fixed data drive, operating system drive, or removable data drive) if you don’t need the encryption anymore or for the time being for that particular drive and see if it helps. To do so:
- Type manage bitlocker in the Search box of Windows 11/10
- Hit the Enter key to open the BitLocker Drive Encryption window
- Expand a drive section
- Use the Turn off BitLocker option for the drive that you want to decrypt or remove the protection.
3] Remove Work or School account
If you are connected with a Work account or a School account on your Windows 11/10 PC, your organization or school might control or restrict some settings you can change. So, remove the Work or School account and sign in with your own administrator account and see if you are able to use BitLocker without any issues.
4] Check BitLocker Drive Encryption Group Policy settings
There are certain Group Policy settings for BitLocker available in Windows 11/10 which if configured can put different restrictions on using BitLocker. For example, you can configure a Group Policy setting to enforce drive encryption type to Full encryption or Used Space Only encryption on the operating system drive(s). If any of the available Group Policy settings are configured, then you may see the message that some settings are managed by your system administrator on the BitLocker Drive Encryption window. So, you need to check if some Group Policy settings are configured for BitLocker Drive Encryption. For this:
- Type gpedit.msc in the Search box of Windows 11/10 and press Enter key to open the Group Policy Editor window
- Access the BitLocker Drive Encryption folder in the Group Policy window. For this, use the following path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption
- On the right-hand section, you will see the main settings for BitLocker Drive Encryption and Fixed Data Drives, Operating System Drives, and Removable Data Drives folders which contain many other settings. Now check if the status of those settings is set to Enabled or Disabled. If yes, double-click on a setting to open it, select the Not Configured option for that setting, and press the OK button.
Repeat these steps for all other settings. Restart your system and then access BitLocker settings. Your problem should be gone now.
Related: Some settings are managed by your organization message on Windows PC.
5] Configure Security Zones setting using the Group Policy Editor
As we mentioned at the start, in another scenario, some users see this Some settings are managed by your system administrator message (as highlighted in the image above) when they try to change Security settings in the Internet Properties window. Because of this, they aren’t able to change the security level on the Internet category, customize the security level or use the Custom level button for the Local intranet, etc.
If you also face this problem and see this message, then it could have happened because a Security Zones setting is enabled in the Group Policy Editor that prevents users from changing the security-level setting and using the custom level button. So, you need to configure that Security Zones setting using the Group Policy Editor.
To do so, use the following steps:
- Open the Group Policy Editor window
- Jump to the Internet Explorer folder. The path is:
Computer Configuration > Administrative Templates > Windows Components > Internet Explorer
- On the right-hand part, double click on the Security Zones: Do not allow users to change policies setting
- If this setting is set to Enabled or Disabled, change it to Not Configured
- Press the OK button
- Close the Group Policy Editor window.
6] Check Internet Settings Registry entry
A correspondence Registry entry for the same Security Zones Group Policy setting (mentioned above) is present in the Registry Editor if it is Enabled. So, you need to find and remove such an entry. For this, you need to check the Internet Settings Registry entry. Here are the steps:
- Type regedit in the Search box and press Enter key
- Access the Internet Settings Registry key under the main root key. Here is the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- On the right-hand part, look for
Security_HKLM_onlyDWORD (32-bit) Value - Right-click on that DWORD value and use the Delete option
- In the Confirm Value Delete box, hit the Yes button.
Now check if the error message is gone.
How do I fix Virus and Threat protection is managed by Administrator?
If you see a Your Virus & threat protection is managed by your organization message in Windows Security app on your Windows 11/10 system, then you need to delete a DisableAntiSpyware Registry DWORD value. This DWORD value if enabled turns off Microsoft Defender Antivirus because of which you may see this error message. So, access the following path in Registry Editor and delete this DWORD value:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
How do you remove this app has been blocked by your Administrator?
If you try to run a program or app on your Windows 11/10 system and you receive
This app has been blocked for your protection. An administrator has blocked you from running this app error, then try to run the program from an elevated Command Prompt window. If that doesn’t work, then temporarily disable SmartScreen and turn off UAC and then run the app or program.
Read next: How to configure the use of Passwords for BitLocker removable drives.
