- Delegate permissions for domain join - Mon, Jun 5 2023
- Join Windows 11 to an Active Directory domain - Thu, Jun 1 2023
- Change Windows network profiles between public and private - Wed, May 24 2023
If a drive cannot be encrypted with BitLocker, it is possible that it does not meet the requirements. Therefore, you should first check whether compression has been enabled and whether the cluster size of the file system exceeds 4 KB. Both would be potential obstacles for BitLocker.
But even if these conditions are met, the command to start the BitLocker wizard might still be missing in the context menu of the drive, and the control panel under System and Security > BitLocker Drive Encryption does not show the USB drive.
In some cases the menu entry for BitLocker encryption is missing for a drive
In this case, you can try to start encryption using PowerShell or the command line tool manage-dbe. But already querying the status with
Get-BitLockerVolume -MountPoint <drive letter>
usually leads to the following error:
Get-Win32EncryptableVolumeInternal: e: does not have an associated BitLocker volume.
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:344 char:35
+ ... bleVolume = Get-Win32EncryptableVolumeInternal -MountPoint $MountPoin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Get-Win32EncryptableVolumeInternal
When the GUI option is missing the encryption cannot usually be activated via PowerShell either
The equivalent command
manage-bde -status <drive letter>
generates the following message:
ERROR: The volume E: could not be opened by BitLocker. This may be because the volume does not exist, or because it is not a valid BitLocker volume.
The command line tool manage bde also reports an incorrect status 1
You get the same result if you try to encrypt the drive from the command line, for example with Enable-BitLocker.
However, various reports show that this problem only occurs on certain computers. PCs with newer versions of Windows 10 seem to be affected, while it does not exist under version 8.1.
Disable partition with diskpart
The solution is to set the partition on the USB stick to inactive. This can be done using the command line tool diskpart.exe. Here you enter the following commands:
list disk select disk <#number> list part select part <#number> inactive exit
You pass the number of the disk, which you get from the output of the first command, to the second command. The same applies to the fourth command, where you get the partition number form the previous command
Setting the partition of a removable disk to inactive with diskpart
After disconnecting and reconnecting the memory stick, the command for BitLocker should appear in the context menu of the drive.
Use a different computer
Alternatively, you can activate BitLocker To Go for the removable drive on another PC running an older version of Windows.
However, you do not have to pass the encrypted disk to the user together with the password. Rather, you can simply format the drive afterwards. On the computer that previously refused to encrypt, the command Turn on BitLocker is now available.
Subscribe to 4sysops newsletter!
If there is any data on the external storage medium, you would of course have to back it up beforehand and restore it after formatting.
Thanks !
Did de diskpart thing !
but for me the volume was already inactive, so I put active instead.
AND IT WORKED !
list disk
select disk
list part
select part
active
exit