Fix: Group Policy Doesn't Permit The Storage of Recovery Info

Misconfigurations can prevent Group Policy recovery backup

Reading time icon 4 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Key notes

  • The Group Policy does not permit the storage of recovery information can occur if you don’t enable the feature in your Group Policy settings.
  • Deleting your recent Windows update may also fix the problem affecting your Group Policy.

If you’re seeing the Group Policy does not permit the storage of recovery information error message on your PC, then you’re not alone. Users complain about running into this error when accessing their PC’s BitLocker and TPM recovery information.

However, this error occurs for reasons that may differ from other users. Also, it is common to PCs or any devices that use BitLocker Drive Encryption. Encryption software like BitLocker is integrated with the operating system and is used to encrypt an entire volume.

Why does the Group Policy not permit the storage of recovery info?

Issues with the Group Policy not permitting the storage of recovery info occur mainly because the setting to backup TPM recovery information to Active Directory is not allowed. However, other factors that may be responsible for the problem include:

  • Windows update issues: Some users complain about encountering the Group Policy error message after updating their Windows operating system.
  • Issues with Group Policy configuration: You may run into this problem if the Group Policy settings do not permit the creation of a recovery key.
  • Interference with peripherals like USB drives: You may encounter issues during your system start-up due to the USB devices plugged in. The PC may attempt to boot from one of the USB devices resulting in the BitLocker recovery error.

What can I do if the Group Policy does not permit the storage of recovery information?

Make sure you have the following procedures in check before performing any advanced troubleshooting:

  • Ensure that your computer is running on the Administrator account.
  • Disconnect USB devices that are connected to your PC and eject other peripherals. If the USB fails to eject on your Windows 11, hop on our guide for quick fixes.
  • Close background processes interfering with your device’s privacy and security settings, such as antivirus.
  • Restart the computer and check if the issue persists.

If, after all these checks, the issue persists, then proceed to the fixes below.

1. Back up TPM recovery information to Active Directory

  1. Press Windows + R keys simultaneously to open the Run window.
  2. Type in gpedit. msc, then press Enter.
  3. Navigate to the Computer Configuration tab, then open the Administrative Templates.
  4. Select System and click the Trusted Platform Module Services.
  5. Double-click the Turn on TPM backup to Active Directory, then click on the Enabled option.
  6. Check the box for Require TPM backup to AD DS option.

Restart your PC and check if the issue persists.

Editing the Group Policy can be tricky sometimes, and any mistake can fatally impact your computer. Check our guide on how to edit the Group Policy in Windows 11.

2. Back up BitLocker recovery information to Active Directory

  1. Press Windows + R keys simultaneously to open the Run window.
  2. Type in gpedit. msc, then press Enter.
  3. Navigate to the Computer Configuration tab, then open the Administrative Templates.
  4. Select Windows Components, then open the BitLocker Drive Encryption.
  5. Double-click the Turn on BitLocker backup to Active Directory option, then click on the Enabled option.
  6. Check the box for Require TPM backup to AD DS option.

We recommend you restart your device. The above steps can fix the backup BitLocker key protector if it’s not working.

Read about BitLocker not saving keys to AD for more information about BitLocker backup services.

3. Uninstall the recent Windows update

  1. Press Windows + I key to open the Settings app.
  2. Go to the Windows Update tab and select Update history.
  3. Click Uninstall updates and select the most recent update.
  4. Click on Uninstall.

Uninstalling the recent Windows update should help fix the issue.

Also, you can read our article about how Windows update causes BitLocker issues on your device for more details.

However, when using BitLocker, you may encounter a series of issues on your computer. So, we recommend you read through our article on how to fix BitLocker errors in Windows 11.

Also, we have a detailed guide on how to fix Windows asking for the BitLocker recovery key on Windows 11.

For further queries or if you have a suggestion on another fix that has worked for you, kindly leave them in the comments section.

More about the topics: Bitlocker, group policy editor

User forum

0 messages