Hi,
I have this issue with Windows 1709 - 1703 - 1511 and Dell computers (5580 5540) with TPM 2.0 and UEFI BIOS, and the same issue with TPM 1.2 on the Latitude 5580.
We tried updating the BIOS and TPM, but that didn't resolve the problem.
For a long time, we have used a startup script to enforce BitLocker encryption on all corporate computers (300).
We always get error code 2147943714 (converted: 0x80070522 -> A required privilege is not held by the client) when trying to add the TPM protector.
It happens with WMI
$ProtectionState = Get-WmiObject -Namespace ROOT\CIMV2\Security\Microsoftvolumeencryption -Class Win32_encryptablevolume -Filter "DriveLetter = '$DriveLetter'"
$ProtectorKeyWithTPM = $protectionState.ProtectKeyWithTPM("ProtectWithTPM")
and Manage-bde
$p = Start-Process manage-bde -ArgumentList "-protectors -add C: -TPM" -wait -NoNewWindow -PassThru
The PowerShell script works when executed by a local administrator.
For me, the LocalSystem account doesn't have the necessary privilege to add the TPM protector...
Could you explicitly list all the privileges needed to add the TPM protector, so we can be sure that the LocalSystem account has them?
Sorry for my bad English.
Thanks for your help.
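
Added example, not part of the original post: a diagnostic wrapper around the same WMI call that decodes the return code and logs the identity and token privileges. Running it once from the startup script and once as a local administrator gives two logs to compare. `$LogPath`, the `Convert-ReturnCode` helper and the `C:` drive letter are assumptions.

```powershell
# Added diagnostic example. $DriveLetter and $LogPath are assumed values.
$DriveLetter = 'C:'
$LogPath     = Join-Path $env:ProgramData 'bitlocker-tpm-diag.log'  # hypothetical path

function Convert-ReturnCode {
    # Hypothetical helper: renders a return code as hex and, for HRESULTs of the
    # form 0x8007xxxx, appends the Win32 error text carried in the low 16 bits.
    param([uint32]$Code)
    $hex  = '0x{0:X8}' -f $Code
    $high = [int][math]::Floor([double]$Code / 65536)
    $low  = [int]($Code % 65536)
    if ($high -eq 0x8007) {
        $text = (New-Object System.ComponentModel.Win32Exception $low).Message
        return '{0} (Win32 error {1}: {2})' -f $hex, $low, $text
    }
    return $hex
}

# Record who is running and which privileges the token holds, so a run as
# LocalSystem (startup script) can be compared with a run as local administrator.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$privs    = whoami /priv /fo csv /nh |
    ConvertFrom-Csv -Header Name, Description, State

$lines  = @("==== $(Get-Date -Format s) running as $identity ====")
$lines += $privs | ForEach-Object { '{0,-45} {1}' -f $_.Name, $_.State }

try {
    $vol = Get-WmiObject -Namespace ROOT\CIMV2\Security\MicrosoftVolumeEncryption `
        -Class Win32_EncryptableVolume -Filter "DriveLetter = '$DriveLetter'"
    $result = $vol.ProtectKeyWithTPM("ProtectWithTPM")
    $lines += 'ProtectKeyWithTPM returned ' + (Convert-ReturnCode $result.ReturnValue)
} catch {
    # Some failures surface as exceptions instead of a ReturnValue.
    $lines += 'ProtectKeyWithTPM threw: ' + $_.Exception.Message
}

Add-Content -Path $LogPath -Value $lines
```

For the code in the post, `Convert-ReturnCode 2147943714` yields `0x80070522` with Win32 error 1314, matching the message quoted above.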