My OS drive (Windows 11, drive C:) is currently password protected. I want to Remote Desktop into it, so I want to remove the password protection and let TPM handle it.

The Control Panel BitLocker page doesn't have "Change how drive is unlocked at startup" as an option. And when I type manage-bde -protectors -add C: -tpm I get this error:

A TPM key protector cannot be added because a password protector exists on the drive.

I have the BitLocker Operating System Drives group policy set as follows:

  • Require additional authentication at startup: Enabled.
  • Allow BitLocker without compatible TPM: unchecked
  • Configure TPM startup: Allow (I also tried "require")
  • Configure TPM startup PIN: Allow
  • the rest of the options: Do not allow

The results of manage-bde -status C:

BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    XTS-AES 128
Protection Status:    Protection On
Lock Status:          Unlocked
Identification Field: Unknown
Key Protectors:
    Password
    Numerical Password

Any help is appreciated.

EDIT: The only way I figured out how to do it was to unencrypt the drive and start the encryption process over.

loosenut
  • 11
  • 2

1 Answer

First, get the status of your hard drive: 'Manage-bde -status c:'

Next, delete the password-related information: 'Manage-bde -protectors -delete c: -type password'

Next, add TPM to the list: 'Manage-bde -protectors -add c: -tpm'

Andy
  • 1
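
The sequence from the answer above, written as an added PowerShell example (not part of the original answer) that uses the BitLocker module cmdlets in place of manage-bde and checks for a ready TPM and an existing recovery password before removing anything. The $MountPoint value and the helper function Get-ProtectorsOfType are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: swap a BitLocker Password protector for a TPM protector.
# $MountPoint is an assumption (the OS drive letter from the question).
$MountPoint = 'C:'

# Hypothetical helper: current key protectors of one type on the volume.
function Get-ProtectorsOfType {
    param([string]$MountPoint, [string]$Type)
    # Re-read the volume on every call so the result reflects the live state.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq $Type }
}

# 1. The TPM must be present and ready before the drive depends on it.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; protectors left unchanged.'
}

# 2. Keep a recovery path: a numerical (recovery) password protector must
#    already exist, and its 48-digit value should be backed up off the machine.
if (@(Get-ProtectorsOfType $MountPoint 'RecoveryPassword').Count -eq 0) {
    throw 'No recovery password protector; add one and back it up first.'
}

# 3. Remove every Password protector, since its presence is what blocks
#    adding the TPM protector (the error quoted in the question).
foreach ($p in @(Get-ProtectorsOfType $MountPoint 'Password')) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# 4. Add the TPM protector unless the volume already has one.
if (@(Get-ProtectorsOfType $MountPoint 'Tpm').Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
}

# 5. Verify the end state: a Tpm protector present, no Password protector left.
$vol   = Get-BitLockerVolume -MountPoint $MountPoint
$types = @($vol.KeyProtector.KeyProtectorType)
if ($types -contains 'Password' -or $types -notcontains 'Tpm') {
    throw "Unexpected protector set: $($types -join ', ')"
}
'{0}: protection {1}, protectors: {2}' -f $MountPoint, $vol.ProtectionStatus, ($types -join ', ')
```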