Monthly Archives: October 2011

You receive a “Access is Denied.” error message when trying to Enable Bit Locker

I recently went to turn on Bit Locker on a Windows 7 Enterprise laptop that was joined to a Small Business Server 2011 Domain. I had turned on the Group Policy setting to force the backup of the TPM/Bitlocker information to Active Directory before allowing the drive to start encryption.

When I tried to run the wizard to enable Bit Locker and received the error:

Access Denied

Also when you open the TPM Settings window you get a different error message:

Error code: 0x80070005

It turns out these are both related to a missing Active Directory security Permission. To resolve it follow these instructions:

  1. Open Active Directory Users and Computers
  2. Right Click on your “SBS Computers” OU and select “Delegate Control”
  3. Click “Next” to start the wizard, click “Add…” and then enter “SELF” in Select Users box, and then click “Check Names…”
  4. Click “OK”, and then click “Next”
  5. Select “Create a custom task to Delegate”, and then click “Next”
  6. Select “Only the following objects in the folder” and then select “Computer Objects”
  7. Click “Next”, Locate the setting “Write msTPMOwnerInformation” and select it
  8. Click “Next” to complete the wizard

Attempt to run the Bit Locker Wizard again, you should be able to Initialize the TPM now, and the wizard should move past that step.