Fix: Secure Boot Can Be Enabled When System in User Mode

Secure Boot can be enabled when system in User Mode: How to fix it? This article shows what causes the error and fix it in 7 practical ways. We can also help you recover data lost due to this error.

By @Lori Last Updated November 1, 2024

Secure Boot is a crucial component designed to protect your system from malware and unauthorized software during the boot process. Encountering the “Secure Boot can be enabled when system in User Mode” error can be frustrating, especially if you are trying to ensure your PC's security features are properly configured.

Don't worry, this guide will delve into what causes this error and how to effectively fix it. To recover data lost due to Secure Boot error, this guide can also help you.

Understanding Secure Boot and User Mode

Before we jump into the fixes, let's take a quick detour to understand what we're dealing with. Secure Boot is a feature in your computer's UEFI firmware (that's the modern replacement for the BIOS) that checks the signature of each piece of boot software, including boot loaders and drivers. It's designed to protect your system from malware by only allowing trusted software to run at boot time.

When Secure Boot is fussing about being in user mode, it's essentially saying it's not in the state to enforce its security standards. Think of it as a security guard being told they can only use their flashlight but not their whole security toolkit.

Common Causes of the Error

Various factors can trigger this error, including:

  • Corrupted Boot Configuration Data (BCD)
  • Incorrect BIOS configurations
  • Virus and malware infections
  • Hardware issues
  • User Mode not being enabled
  • Outdated system firmware
  • Corrupt system files
  • Incompatible partition table
  • Incompatible BIOS mode
  • Enabled Compatibility Support Module (CSM)

Fix "Secure Boot Can Be Enabled When System in User Mode"

Here are practical solutions on how to fix “Secure Boot can be enabled when system in User Mode” error. Try them one by one until the error is resolved. First, you need to check Secure Boot status on your PC. Then, choose different fixes based on the status.

  1. Press Windows + R to open the Run dialog.
  2. Type msinfo32 and press Enter to open System Information.
  3. Look for the "Secure Boot State" entry. If it’s "On," Secure Boot is already enabled. If it’s "Off" or "Unsupported," proceed with the following steps.

Case 1: Secure Boot Is Unsupported

Secure Boot may be unsupported due to disabled TPM, or incompatible BIOS mode, partition table, or hardware.

Fix 1: Convert MBR to GPT

Secure Boot requires UEFI boot mode, which supports GPT disks. If your system uses MBR, you need to convert it to GPT.

  1. Open Disk Management and check your partition style.
  2. If it’s MBR, use a tool like AOMEI Partition Assistant to convert MBR to GPT without data loss.

Fix 2: Change Boot Mode from Legacy to UEFI

  1. Restart your PC and enter the BIOS setup (usually by pressing a key like F2, F12, Del, or Esc during startup).
  2. Navigate to the Boot tab and change the Boot Mode setting from Legacy to UEFI.
  3. Save changes and exit BIOS.

Fix 3: Enable TPM

  1. Press Windows + R, type tpm.msc, and press Enter to open TPM Management.
  2. Ensure TPM is enabled. If not, enable it through your BIOS settings.

Case 2: Secure Boot Is Off

Fix 1: Enable User Mode

  1. Press Windows + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
  2. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
  3. Find and enable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy.

Fix 2: Run SFC and DISM

  1. Open Command Prompt as administrator.
  2. Run sfc /scannow to scan and repair system files.
  3. If issues persist, run DISM /Online /Cleanup-Image /RestoreHealth to restore the system image.

Fix 3: Fix BCD Files

  1. Boot your PC using Windows installation media and select "Repair your computer."
  2. Go to Troubleshoot > Advanced options > Command Prompt.
  3. Run the following commands:bash

    bootrec /repairbcd bootrec /osscan

Fix 4: Disable CSM and Reinstall Windows

Make sure to back up your important files to avoid losing any data. To create a file backup, this free backup software for Windows - AOMEI Backupper Standard can help you with the process easily.

Disable CSM

  • Restart your computer. Press the BIOS/UEFI key (like F2, F10, F12, or Del) to enter BIOS settings.

  • In the BIOS menu, find the Boot section. Set CSM (Compatibility Support Module) to Disabled.
  • Save the changes and exit the BIOS. Your computer will restart.

Reinstall Windows

  • Download the Media Creation Tool from the Microsoft website. Use it to create a bootable USB drive with Windows installation files. 
  • Insert the bootable USB drive into your computer. Restart and press the boot menu key (like F12 or Esc). Select the USB drive as the boot device.
  • Follow the on-screen instructions to start Windows installation. Choose Custom Installation.
  • Delete existing partitions and create a new one for Windows (this will erase all data on the drive).

Other Common Fixes

Here are some additional solutions that might help in various scenarios:

  1. Run a Full Virus Scan: Use Windows Defender or any trusted antivirus software to perform a full system scan.
  2. Update BIOS: Check your motherboard manufacturer’s website for BIOS updates.
  3. Upgrade Hardware: Ensure your hardware is compatible with Secure Boot requirements.
  4. Enroll Platform Key (PM): Create a password on the Admin and User security tabs in your BIOS, then clear those passwords under PK management.

Recover Lost Data After Fixing Secure Boot Error

You might have lost data during troubleshooting or have backups that need restoration. After resolving the “Secure Boot can be enabled when system in User Mode” error , your can use effective and reliable data recovery software like MyRecover to recover lost or deleted data quickly and easily.

MyRecover
Professional Data Recovery Software
  • It can help you recover data lost due to Secure Boot issues, accidental deletion, system failures, virus infection, or formatting errors.
  • It supports recover data from formatted hard drive, SSDs, USB drives, and external storage devices.
  • It can recover 200+ file formats, such as Microsoft Word, Excel, PPT, PDF, PPTX, JPG, PNG, MP4, MOV, MP3, CDA, 7Z, ZIP, MSG, EML, and more.
  • If an unexpected system crash results in data loss, this toolcan help you perform computer crashed recovery.
Download Software Windows 11/10/8.1/8/7& Windows Server
100% Secure

Here's a simple steps to recover data from your PC after fixing Secure Boot issues:

Step 1: Select a drive and Start Scanning

Launch MyRecover and Hover the mouse over the drive where you lost data. Then, click Scan.

Step 2: Filter and Preview Files

MyRecover's scan employs both Quick Scan and Deep Scan to meticulously navigate your hard drive. You can use the Search or Filter features for swift results.

Step 3: Recover Lost Data

Click the checkbox next to the file and click Recover X Files to restore the lost data to a new location for recoverable files to avoid data overwriting.

MyRecover has three editions: Free, Pro and Technician. With the free version, you can scan the drive and recover files up to 500MB without paying anything. To enjoy unlimited data recovery, please upgrade to MyRecover Pro or Technician.

Conclusion

The “Secure Boot can be enabled when system in User Mode” error can be a hindrance, but with the right steps, it is manageable. By following the solutions outlined above, you can restore Secure Boot functionality and ensure your system’s security.

To recover data lost due to Secure Boot error, consider using MyRecover to help you. This tool also allows you to recover deleted files from hard disk without OS. You can try the free edition to recover 500MB files.

Download Software Windows 11/10/8/7/Server
Secure Download

FAQs About Secure Boot

What is Secure Boot?

Secure Boot is a security standard developed by members of the PC industry to help ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).

Why am I seeing a 'secure boot can be enabled when system is in user mode' issue?

This message typically appears when Secure Boot settings are misconfigured in your system's BIOS/UEFI firmware, often due to incorrect settings or an outdated firmware version.

Can updating my system's BIOS/UEFI firmware solve the Secure Boot issue?

Yes, updating the firmware can resolve issues related to Secure Boot and other system functionalities, as manufacturers release updates to fix bugs and improve security.

Is disabling Fast Boot necessary to fix Secure Boot issues?

While not always necessary, disabling Fast Boot can help in some cases where it interferes with the proper functioning of Secure Boot during the system's boot process.

What is MyRecover, and how can it help?

MyRecover is a recovery tool designed to address various system boot issues, including Secure Boot problems. It provides a user-friendly interface to repair common issues without needing extensive technical knowledge.