BitLocker: Group Policy settings are in conflict

I am trying to set Group Policy settings for a ThinkPad running Windows 8.1 Enterprise. It has a TPM 1.2. I wanted to require a TPM and PIN, so I set the options for the operating system drive as follows:

Allow data recovery agent: Enabled
Configure user storage of BitLocker recovery information:
    Allow 48-digit recovery password
    Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizard: Enabled
Save BitLocker recovery information to AD DS for operating system drives: Enabled
Configure storage of BitLocker recovery information to AD DS: Store recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for operating system drives: Enabled

Allow BitLocker without a compatible TPM: Disabled

Configure TPM startup: Require TPM
Configure TPM startup PIN: Require startup PIN with TPM
Configure TPM startup key: Do not allow startup key with TPM
Configure TPM startup key and PIN: Do not allow startup key and PIN with TPM

When I try to enable BitLocker on the ThinkPad I get an error:

"The Group Policy settings for BitLocker are in conflict and cannot be applied."

I tried changing the options for PIN and key to 'Allow', but I got the same error with this config:

Allow data recovery agent: Enabled
Configure user storage of BitLocker recovery information:
    Allow 48-digit recovery password
    Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizard: Enabled
Save BitLocker recovery information to AD DS for operating system drives: Enabled
Configure storage of BitLocker recovery information to AD DS: Store recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for operating system drives: Enabled

Allow BitLocker without a compatible TPM: Disabled

Configure TPM startup: Require TPM
Configure TPM startup PIN: Allow startup PIN with TPM
Configure TPM startup key: Allow startup key with TPM
Configure TPM startup key and PIN: Allow startup key and PIN with TPM

July 27th, 2015 1:15pm

Hi,

As far as I know, when using data recovery agents, you must enable and configure the "Provide the unique identifiers for your organization" policy setting.

Please check this article:

Using Data Recovery Agents with BitLocker
https://technet.microsoft.com/en-us/library/Dd875560(v=WS.10).aspx

July 29th, 2015 3:33am
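The following PowerShell script is an added example; it is not from the original thread and not a Microsoft tool. It reads the BitLocker policy values that Group Policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE on the client, prints the OS-drive startup options in the wording of the Group Policy editor, and flags combinations that cannot produce a valid protector, together with the data recovery agent prerequisite (the "Provide the unique identifiers for your organization" setting) raised in the reply above. The value names and the 0 = Do not allow / 1 = Require / 2 = Allow encoding follow the FVE.admx template; the conflict checks are heuristics of mine and do not claim to reproduce the exact rule behind the error reported in this thread.

```powershell
# Added example (not from the original thread): decode the effective BitLocker
# OS-drive startup policy on this machine and flag contradictory combinations.
# Value names follow FVE.admx (assumed unchanged on this build); run elevated,
# after 'gpupdate /force', on the client that shows the error.

$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) {
    throw "No BitLocker policy values under $fve. Is the GPO linked to this computer?"
}
$p = Get-ItemProperty -Path $fve

# 0/1/2 encoding used by the four "Configure TPM startup ..." drop-downs.
function Decode-Tri([object]$v) {
    switch ($v) { 0 { 'Do not allow' } 1 { 'Require' } 2 { 'Allow' } default { 'Not configured' } }
}

# Print the startup options using the labels the GPO editor shows.
$startup = [ordered]@{
    'Require additional authentication at startup' = $(if ($p.UseAdvancedStartup -eq 1) { 'Enabled' } else { 'Not enabled' })
    'Allow BitLocker without a compatible TPM'     = $(if ($p.EnableBDEWithNoTPM -eq 1) { 'Checked' } else { 'Unchecked' })
    'Configure TPM startup'                        = Decode-Tri $p.UseTPM
    'Configure TPM startup PIN'                    = Decode-Tri $p.UseTPMPIN
    'Configure TPM startup key'                    = Decode-Tri $p.UseTPMKey
    'Configure TPM startup key and PIN'            = Decode-Tri $p.UseTPMKeyPIN
}
$startup.GetEnumerator() | ForEach-Object { '{0,-48} {1}' -f $_.Key, $_.Value }

# Heuristic checks (assumptions, not Microsoft's validation logic).
$findings = @()
$tpmOpts  = @($p.UseTPM, $p.UseTPMPIN, $p.UseTPMKey, $p.UseTPMKeyPIN)

if ($p.UseAdvancedStartup -ne 1) {
    $findings += 'The startup-authentication policy is not enabled, so the four TPM drop-downs are ignored.'
}
# An OS volume gets one TPM-based protector type; nothing is left if all are "Do not allow"
# and BitLocker without a TPM is also not allowed.
if (@($tpmOpts | Where-Object { $_ -in 1, 2 }).Count -eq 0 -and $p.EnableBDEWithNoTPM -ne 1) {
    $findings += 'Every TPM protector type is "Do not allow" and BitLocker without a TPM is unchecked: no protector can be created.'
}
# Two different protector types both set to "Require" cannot both be satisfied by one volume.
if (@($tpmOpts | Where-Object { $_ -eq 1 }).Count -gt 1) {
    $findings += 'More than one TPM startup option is set to "Require"; an OS volume can hold only one of these protector types.'
}
# DRA prerequisite from the reply: identification field must be configured.
if ($p.OSManageDRA -eq 1 -and ($p.IdentificationField -ne 1 -or [string]::IsNullOrEmpty($p.IdentificationFieldString))) {
    $findings += '"Allow data recovery agent" is enabled but "Provide the unique identifiers for your organization" is not set.'
}

if ($findings.Count -eq 0) {
    'No policy contradictions found by these checks.'
} else {
    'Findings:'
    $findings | ForEach-Object { " - $_" }
}

# TPM state matters as much as policy: a TPM that is not ready blocks every TPM protector.
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmEnabled, TpmActivated, TpmOwned
Get-BitLockerVolume -MountPoint $env:SystemDrive | Select-Object MountPoint, ProtectionStatus, KeyProtector
```

If the checks come back clean and the wizard still refuses, the same TPM+PIN protector can be added from the command line for comparison: `manage-bde -protectors -add $env:SystemDrive -TPMAndPIN` applies the policy the same way and usually reports a more specific reason when it fails.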

I used the GPMC to set the unique identifier but I am getting the same error. I went through the "Best Practices for BitLocker in Windows 7" document and set up Group Policy exactly as laid out there, but I still get the error.
July 30th, 2015 10:12am
