Secure Boot Can be Enabled When System in User Mode [Fix 2023]

Have you ever been stopped in your tracks by the error message“Secure Boot Can Be Enabled When System in User Mode”?

We’ve been there too and know how confusing it can be.

We had a client just this week report the same issue and we were able to fix it for her!

Through thorough research and firsthand experience, we have uncovered some effective ways to resolve this issue – one of these has to do with checking your Secure Boot state.

Stick around; you’re about to become a master at keeping your system running smoothly and securely.

Understanding the Causes of the “Secure Boot Can Be Enabled When System in User Mode” Issue

1. A Corrupted BCD

A corrupt boot configuration data (BCD) often triggers the issue.

The BCD, a crucial part of your system’s start-up process, might experience corruption due to various reasons such as malware attacks or sudden power failures.

This corruption interferes with the communication between your system’s firmware and hardware during startup.

Consequently, it causes errors like the Secure Boot issue we are addressing here.

To resolve this problem, you will need to rebuild your BCD using command prompt tools like ‘bootrec’ ( more on this later 😉 )

2. Disabled User Mode

It’s a specific mode where applications perform tasks without having the capability to directly access hardware or disturb vital system processes.

The term ‘Disabled User Mode‘ refers to situations when this functionality is turned off in your computer’s settings.

For secure booting purposes, it’s crucial to understand that Disabled User Mode can present challenges.

A disabled user mode prevents certain critical operations from being completed on your device, which might lead to issues such as the error message popping up on your screen.

Enabling user mode becomes an important step for users who are keen on enhancing their system security.

3. Unsupported firmware

The most common reason for this situation is that the existing BIOS does not support secure boot, which results in this error message.

To enable secure boot and transition your system into user mode, you will need a UEFI Firmware Settings change. Manufacturers often release updates that might include improvements on UEFI support and modifications in the system settings menu options.

Therefore, we advise regularly checking for these updates and installing them promptly on your Windows 11 PC to avoid issues like this one.

How to Fix the ” System in Setup Mode Secure Boot Can Be Enabled When System In User Mode” Issue?

Step 1: Check the UEFI Firmware Settings And Re-enable Secure Boot

We need to check the UEFI firmware settings.

This step is crucial because it allows us to understand if Secure Boot is supported and enabled on your system.

By accessing the UEFI menu and examining the Secure Boot state, we can determine if any changes need to be made.

1. To check the UEFI firmware settings, restart your computer and enter the UEFI setup mode by pressing a specific key (usually Del or F2) during startup. 

2. Navigate to the Secure Boot option and verify its status.

If it’s currently disabled, you’ll need to enable it.

You will see an error message reading, “System in Setup Mode! Secure Boot can be enabled when System in User Mode. Repeat operation after enrolling Platform Key(PK)”…No worries..just move on to the next step.

Remember that different computers may have slight variations in their UEFI menus, so make sure to consult your device’s manual or manufacturer’s website for specific instructions tailored to your system.

Step 2: Change Legacy to UEFI 

This step is crucial because legacy BIOS may not support secure boot and can cause conflicts with Windows 11 requirements.

By changing the BIOS setting to UEFI custom, you ensure compatibility with secure boot and enable a more secure system environment.

  1. Hit the BIOS Key: As your computer is starting up, press the key that gets you into the BIOS setup. It’s usually one of the following: F2, F10, F12, or Del. It’s like the secret handshake to get into the tech club.
  2. Find the Right Option: Once inside, navigate your way to the ‘Boot Mode’ or ‘Boot Option Priority’ setting. It might be hiding under the ‘Boot’ tab or ‘Advanced’ tab, so keep an eye out!
  3. Time for a Change: Now, using your arrow keys (like playing a classic video game!), change the setting from Legacy BIOS or CSM to UEFI Custom or Customized Boot.
  4. Save and Wave Goodbye: Save your changes, exit BIOS mode, and restart your PC. Congrats, you’ve just switched lanes, and you’re now cruising in UEFI mode with custom settings.
  5. Take it for a Spin: Now, try to enable Secure Boot from the BIOS menu and see if that pesky issue is fixed.

Remember that this step should be performed carefully as it involves modifying firmware settings, which can have an impact on the overall system functionality.



system information



Check the Secure Boot: Once your PC is back to life, the Secure Boot should be re-enabled, and you should see the supported value showing up in your System Information.

Step 3: Convert Your Partition to GPT

You may need to convert your partition to GPT (if supported).

Converting the partition is necessary for Windows 11 to boot properly.

This can be done through Disk Management or by using a third-party partition management tool.

  1. First things first: Right-click that trusty Start button and choose Disk Management. 
  2. Check The Partition Style in Disk Management: Find your drive, give it a right-click, and choose Properties. It’s like peeking under the hood of your car!
  3. The Big Reveal: Click on the Volumes tab and take a look at the Partition style. If it says GPT, you’re golden, and you can take a bow. If it says MBR, though, stick with me – we’ve got a little more work to do.
  4. Time for a Command: Close that window, click on the Search icon, type “cmd,” and select Run as administrator. Feels like you’re about to launch a spaceship, doesn’t it?
  5. Type It Out: Now, here’s where the magic happens. Type the following command and hit Enter:
    mbr2gpt.exe /convert /allowfullos
  6. After the conversion process is done, go back to Disk Management as you did before and check that Partition style again. It should now proudly read GUID Partition Table (GPT). Throw some confetti – you did it!

 Remember that not all systems support GPT, so it’s important to check if this option is available in your system’s setup menu before proceeding with the conversion.

Step 4: Enroll for Platform Key

By enrolling platform keys through the BIOS screen, you can address the error message and enjoy the benefits of this important security feature.

Keep in mind that the exact location of the Secure Boot option may vary depending on your PC’s BIOS settings.

Nonetheless, enrolling for the Platform Key remains an important part of resolving this issue and ensuring a properly functioning Secure Boot.

It might sound like tech jargon, but I promise it’s straightforward.

Just follow these easy-peasy steps, and we’ll get your computer behaving in no time:

  1. Kick Things Off: Click the ‘Start’ button, and then the Power icon. You’re on a roll!
  2. The Magic Shift Key: Hold down the ‘Shift’ key on your keyboard and select ‘Restart.’ It’s like a secret handshake for your computer!
  3. Into the Advanced Zone: After your PC restarts, choose ‘Troubleshoot’ and then ‘Advanced Options.’ I know, it’s getting exciting!
  4. Meet UEFI: Click the ‘UEFI Firmware Settings’ tab, and then ‘Restart’ again. Your PC will flip into a special UEFI menu. Fancy, right?
  5. Find the Right Buttons: Here’s where you get to be a detective! Look for something called ‘Secure Boot’ or ‘Windows OS Configuration,’ and set it to ‘Enabled.’ You’re almost there!
  6. All About the Key: Spot an option called ‘Platform Key State’ or ‘Setup Mode under Secure Boot’? Set that to ‘Loaded’ or ‘User’ mode. Now, your system’s ready for the Platform Key dance.
  7. The Grand Finale: If you see an option called ‘Enroll Platform Key,’ click it and follow along with the instructions. You’re enabling Secure Boot, like a tech whiz!
  8. Save and Celebrate: After making these tweaks, save everything, exit the UEFI menu, and restart your PC like normal. Voila! You’ve fixed the issue. Give yourself a high-five!

Step 5: Enable User Mode

User Mode is the normal operating mode of your system where processes have limited access to system resources.

Enabling User Mode can help resolve compatibility issues and allow you to enable Secure Boot.

To enable User Mode, you can use the Group Policy Editor on your Windows computer.

  1. Open the Run Dialog Box: Just press the Windows key + R together.
  2. Summon the Group Policy Editor: Type “gpedit. msc” and press Enter. 
  3. Navigate through the Maze: In the left pane, follow this path like you’re on a tech adventure: “Computer Configuration” > “Administrative Templates” > “System.” 
  4. Find the Right Policy: In the right pane, find and double-click on the “User Account Control: Switch to the secure desktop when prompting for elevation.” 
  5. Enable the Power: Select the “Enabled” option
  6. Save and Celebrate: Click “Apply” and “OK” to save the changes, and then close the Group Policy Editor.

The Group Policy Editor allows you to manage various settings and configurations on your system. By enabling User Mode through this editor, you are ensuring that your system operates in a secure and stable environment.

Step 6: Disable CSM and Reinstall Windows 11 

  1. Access BIOS Settings: When you start up your computer, tap the key that gets you into the BIOS settings (it’s often F2 or DEL). You’re going into the heart of your computer here, so take a deep breath and get ready.
  2. Find the CSM Option: Look around for something called “Compatibility Support Module” or “CSM.” You want to disable this guy, so toggle it off.
  3. Save and Restart: Hit save on those changes, then restart your computer. You’re doing great so far!
  4. Create a Windows 11 Installation Media: You’ll need a USB drive with the Windows 11 installer on it. There are lots of guides online to help you with this part if you need them.
  5. Boot from the USB: When your computer starts up again, you’ll want to boot from the USB drive. This might involve hitting a key like F12 as your computer starts up.
  6. Install Windows 11: Follow the prompts to get Windows 11 installed. This is the exciting part! You’re getting a fresh, shiny new operating system.
  7. Check the “Secure Boot State”: Once everything’s set up, you can check the “Secure Boot State” in your System Information. If all has gone well, it should say “On.”

Remember, these steps can cause data loss, so if you find yourself missing some files, don’t panic. There are data recovery tools that might be able to help you get them back.

And that’s it! You’re now rocking Windows 11 with Secure Boot enabled

If you are still having issues, why not give our expert technicians a call and book an appointment today!

Frequently Asked Questions

Why Enable Secure Boot on Windows 11?

Enabling Secure Boot on Windows 11 is of utmost importance for ensuring the security and integrity of your computer system. It is one of the requirements for Windows 11.

By enabling Secure Boot, you create a secure environment during the bootup process, allowing only trusted software to run on your PC.

This significantly reduces the risk of malware attacks and unauthorized modifications to your system.

With Secure Boot enabled, you can have peace of mind knowing that your computer is protected against potential threats and that it meets one of the requirements for running Windows 11 smoothly and securely.

So don’t overlook the significance of enabling Secure Boot – it plays a crucial role in safeguarding your system and maintaining a high level of security.

Why is certain software enforcing TPM and Secure Boot?

Certain software enforces TPM (Trusted Platform Module) and Secure Boot as security measure to ensure the safety of your system. By enabling these features, it helps protect against potential threats like malware attacks and unauthorized access.

TPM provides secure cryptographic operations, while UEFI Secure Boot verifies the integrity of firmware and operating system components during startup. With these measures in place, your system is better equipped to defend against malicious activities and maintain a trusted environment for running trusted software.

What is System User Mode?

System User Mode is a particular mode in which the system operates that can impact the ability to enable Secure Boot. When facing the “Secure Boot can be enabled when System in User Mode” issue, it means that there might be an obstacle preventing you from enabling Secure Boot on your MSI motherboard.

This can occur if your system is not running in User Mode. To resolve this issue, it is crucial to check and adjust the UEFI firmware settings as a first step towards enabling Secure Boot successfully on your system.

Remember, being aware of System User Mode and its impact can help ensure a smooth and secure booting process for your device.

When should Secure Boot be enabled?

To ensure the security and integrity of your system, it is important to enable Secure Boot when installing Windows 11 on your PC. By enabling Secure Boot, you can protect your system against unauthorized software or malware from running during startup.

This helps to safeguard your personal information and prevent potential threats to your computer’s performance. Additionally, some applications, like games, may require Secure Boot to be enabled for proper functionality.

So, make sure to enable Secure Boot when setting up your Windows 11 operating system for better protection and compatibility with trusted software.


In conclusion, enabling Secure Boot when the system is in User Mode is crucial for enhancing the security of your Windows 11 operating system. By following the steps outlined in this article, such as checking UEFI firmware settings and enabling User Mode, you can overcome the “Secure Boot Can Be Enabled When System in User Mode” issue and ensure that only trusted software is loaded during bootup.

Take action now to safeguard your system against potential threats and enjoy a more secure computing experience.

I am a computer engineer holding a bachelor's degree in Computer Science, complemented by a Master's in Business Administration from University of Strathclyde, Scotland. I currently work as a Senior IT Consultant in Melbourne, Australia. With over 15 years of...