Change Local Group Policy Editors Settings
1. start menu
2. type: gpedit.msc
3. right click and open as administrator
Now browse to
Administrative Templates
'-> Windows Components
'-> Bitlocker Drive Encryption
'-> Operating System Drives
'-> Require Additional Authentication At Startup
'-> Press enable
Configure TPM startup: Allow TPM
Configure TPM Startup PIN: Allow Startup with TPM
Conifgure TPM Startup Key. Require startup key with TPM
Configure TPM startup key and PIN: Allow startup key and PIN with TPM
manage-bde -protectors -add c: -TPMAndStartupKey usb_drive:
manage-bde -protectors -delete c: