For some versions of the TPM chip found in the Lenovo ThinkPad T420, you will receive an Access Denied error message when attempting to encrypt the hard disk if you have a group policy enabled that restricts CD/DVD access. Apparently, some models of TPM chip are seen by the system as a CD/DVD device, and will not function correctly if it has been disabled via Group Policy.
The fix is to just disable the group policy until after the disk has been encrypted and the PIN has been setup. Once it has been encrypted you can reapply the Group Policy and it will continue to function normally.