Nani
Reputation: 1176
Enable BitLocker through Powershell script avoiding startup authentication
I'm working on a PowerShell script to enable BitLocker in all the endpoints of our organization, including ones which are not connected to domain(accessing private network). I don't want to use TPM since some endpoints may not have it, and also I don't want Startup authentication, I just want to enable BitLocker with a Recovery Password. I'm working on below script to do the same. But it is getting error saying that Group Policy settings do not permit the creation of a password. But I don't find any such setting in GPO(Computer Configuration->Windows Components->BitLockerDriveEncryption->OperatingSystemDrives) to allow Password creation for BitLocker.
Please help me solve this:
$outputFile = "C:\bitlocker_output.txt"
Get-TPM | Out-File -FilePath $outputFile -Append
$bitlockerStatus = Get-BitLockerVolume -MountPoint "C:"
if ($bitlockerStatus.ProtectionStatus -eq "On") {
Write-Host "BitLocker is already enabled on drive C:"
"BitLocker is already enabled on drive C:" | Out-File -FilePath $outputFile -Append
exit
}
Write-Host "BitLocker is not Enabled"
"BitLocker is not Enabled" | Out-File -FilePath $outputFile -Append
$hostname = [System.Net.Dns]::GetHostName()
$username = [Environment]::UserName
$currentDateTime = Get-Date
$trimmedDateTime = $currentDateTime.ToString() -replace '\s', ''
$passwrdString = "$hostname~$username~$trimmedDateTime"
"$passwrdString : is RecoveryPassword" | Out-File -FilePath $outputFile -Append
$password = ConvertTo-SecureString -AsPlainText $passwrdString -Force
try {
Enable-BitLocker -MountPoint "C:" -PasswordProtector -UsedSpaceOnly -SkipHardwareTest -Password $password | Out-File -FilePath $outputFile -Append
} catch {
"Error happened at Adding BitLocker Key protector" | Out-File -FilePath $outputFile -Append
Write-Error $_.Exception.Message | Out-File -FilePath $outputFile -Append
exit
}
$recoveryKey = Get-BitLockerRecoveryKey -MountPoint "C:"
Write-Host "BitLocker Recovery Key: $recoveryKey"
"BitLocker Recovery Key: $recoveryKey" | Out-File -FilePath $outputFile -Append
Upvotes: 0
Views: 176
Answers (0)
Related Questions
- How can I switch a bitlocked drive from password protected to TPM-only?
- Terminating a script in PowerShell
- How can I pass an argument to a PowerShell script?
- How to run a PowerShell script
- How to stop a PowerShell script on the first error?
- What's the best way to determine the location of the current PowerShell script?
- Echo equivalent in PowerShell for script testing
- Loop through files in a directory using PowerShell
- Take ownership of TPM