Issue
- "The disk specified is locked (0xC00B004F)" error message appears when SafeStart fails after an attempt to OPAL encrypt a system
Details
Windows and other software can automatically configure drives and take ownership of the drive. If a drive is already owned by another piece of software on the system, ESET Endpoint Encryption cannot configure the drive and take ownership of it when encryption is trying to start.
Solution
To unlock the drive, you need to perform a PSID revert. After the PSID revert, reinstall Windows. To stop Windows automatically locking the drive, perform the following steps in the Windows setup process:
-
Boot from the installation disk/USB flash drive with Windows setup. Wait for the first setup screen.
-
Open Command Prompt window and Launch Registry Editor. To do this, on your keyboard press Shift+F10, type
regedit, and press Enter.
Figure 1-1
Click the image to view larger in new window -
Navigate to the registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices. -
Right-click the blank space and click New → DWORD (32-bit) Value.
Figure 1-2
Click the image to view larger in new window -
In the Value name box, type
TCGSecurityActivationDisabled. In the Value data box, type1and click OK.
Figure 1-3
Click the image to view larger in new window -
Proceed with the Windows installation process as normal.
Alternatively, you can set up an unattended file that disables this feature on Windows installation. Read more in Microsoft Documentation about TCGSecurityActivationDisabled and DisableEncryptedDiskProvisioning.
