In this post, we will show you how to fix the error "The Startup options on this PC are configured incorrectly" for BitLocker. A user may see this error message when trying to use BitLocker on a Windows 11/10 system.
BitLocker uses AES encryption to secure the whole volume. It is an alternative to EFS (Encrypting File System). BitLocker is preferred by those who wish to encrypt the whole disk, whereas EFS encrypts individual files.
BitLocker supports the following authentication mechanisms, along with an optional escrow recovery key:
- TPM Only.
- TPM + PIN.
- TPM + PIN + USB Key.
- TPM + USB Key.
- USB Key.
- Password Only.
This means that a user gets a lot of options for authentication when they use BitLocker.
The Startup options on this PC are configured incorrectly BitLocker error
You need to make sure that the BitLocker authentication requiring preboot keyboard is enabled in Group Policy.
Type gpedit in the Start search box and hit Enter to open the Group Policy Editor. Now, navigate to the following path inside the Group Policy Editor:
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
Double-click the configuration listing named Disallow standard users from changing the PIN or Password to open the configuration page.
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords. If you disable or do not configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords.
Finally, set this policy to Enabled.
Now, you need to update Group Policy.
To do that, open CMD as Administrator and execute the following command:
gpupdate /force
This will update the Group Policies in real time, and you will not need to reboot your computer for the changes to take effect.
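To confirm that the policy change actually reached the machine, the following PowerShell script reads the BitLocker policy values back from the registry and lists the key protectors on the system drive. It is an added example, not part of the original post; the registry value names and the two extra policy entries (UseAdvancedStartup, EnableBDEWithNoTPM) do not appear in the post and are included as related settings stored under the same key.

```powershell
# Added example: read back the BitLocker policy after "gpupdate /force".
# Run from an elevated PowerShell prompt. The registry value names below are
# not from the post; they are the values these policies write under FVE.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policies = [ordered]@{
    'DisallowStandardUserPINReset'           = 'Disallow standard users from changing the PIN or password'
    'OSEnablePrebootInputProtectorsOnSlates' = 'BitLocker authentication requiring preboot keyboard input'
    'UseAdvancedStartup'                     = 'Require additional authentication at startup'
    'EnableBDEWithNoTPM'                     = 'Allow BitLocker without a compatible TPM'
}

# The key does not exist until at least one BitLocker policy is configured.
$applied = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue

$report = foreach ($name in $policies.Keys) {
    $prop = if ($applied) { $applied.PSObject.Properties[$name] } else { $null }
    if ($null -eq $prop) { $state = 'Not configured' }
    elseif ($prop.Value -eq 1) { $state = 'Enabled' }
    else { $state = 'Disabled' }
    [pscustomobject]@{ Policy = $policies[$name]; Value = $name; State = $state }
}
$report | Format-Table -AutoSize -Wrap

# Key protectors on the OS drive (TPM, PIN, startup key, password, recovery password).
$os    = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($os.KeyProtector | Where-Object { $_ } | ForEach-Object { [string]$_.KeyProtectorType })
'{0}: {1}, protection {2}, protectors: {3}' -f `
    $os.MountPoint, $os.VolumeStatus, $os.ProtectionStatus, ($types -join ', ')

# A drive without a recovery password protector cannot be unlocked with a recovery key.
if ($types -notcontains 'RecoveryPassword') {
    Write-Warning 'No recovery password protector on the OS drive; add one and back it up before changing startup options.'
}
```

A policy that still shows "Not configured" after gpupdate /force usually means the setting was changed in a different GPO scope or is being overwritten by domain policy.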
How do I enable BitLocker in Windows 11 without TPM?
TPM is one of the hardware requirements for BitLocker. However, if your system does not have the Trusted Platform Module, you can still enable BitLocker. BitLocker can be enabled on a system without TPM version 1.2 or higher, provided BIOS or UEFI has the capability to read from a USB flash drive in a boot environment.
How do I get Recovery Key for BitLocker?
If you enable BitLocker on your system drive(s), it is necessary to have the recovery key. You can use this key to unlock your system if any problem occurs with BitLocker. To get your BitLocker recovery key, open Windows 11 Settings and go to Device Encryption. There you will find an option to get your BitLocker recovery key.
Check if this fixes your issues.