Jeffrey Bowers

Reputation: 1

Can't Get BitLocker to Deploy Via PowerShell or VBS - Scripts Run Fine If Launched Manually. Any Thoughts on What Might Be Stopping Me?

As the title suggests, I'm trying to deploy BitLocker in my organization. I've done this before elsewhere, and I've done it in my test environment here. However, I can't seem to get either a PowerShell script or VBS login script to start the encryption process on a computer in our production environment.

At this point, I've tried four different scripts: two PowerShell scripts written by me, one cribbed from the internet, and one simple VBS script. I'll explain below what happened with each one.

First script: I attempted to run this one via a scheduled task created by GPO. On the client computers, the task shows up and is run, but the PowerShell script returns an error code.

It does, however, run correctly if run manually. I think there was a debugging issue here that I fixed in a later script.

Second script: In the interest of debugging, I went back to a very basic script, and tried to deliver this one as a scheduled task first and then as a logon script. In both cases, it would show that it had run, but it would not be encrypted.

However, if run remotely, it worked fine.

At this point, I decided to switch tactics. I set up a login script and attached it to a user in AD to run on login. It didn't work, but once again, if I double-clicked on the script and ran it inside of Windows, it worked.

Next, I pulled this: https://gist.github.com/jesseloudon/7f7482916c2c4c993948c2157a537045, and set it as a logon script in Group Policy editor.

Same effect as the ones above.

This has got to be some policy or setting I'm forgetting or overlooking, but for the life of me I can't think of it.

Any help would be greatly appreciated.

Upvotes: 0

Views: 84

Answers (1)

Ikkxeer

Reputation: 106

Try using this PowerShell script as a logon script on the devices:

Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -UsedSpaceOnly -RecoveryKeyPath "\Path\To\Key" -RecoveryKeyProtector

Or this, if you prefer to set a password instead of a recovery key:

$SecureString = ConvertTo-SecureString "<YOURPASSWORD>" -AsPlainText -Force
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -UsedSpaceOnly -Password $SecureString -PasswordProtector

Remember that to activate BitLocker you need administrator permissions.

I hope this solves your problem!

Regards!

Upvotes: 0
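
An added example, not part of either post above: a wrapper that logs which account the script runs as and whether it is elevated before it enables BitLocker, so a run under a scheduled task or logon script leaves a record of why it stopped. The log path, the TPM protector, and escrowing the recovery password to AD DS are assumptions about the environment, not details from the thread.

```powershell
# Added example, not from the original posts. Assumptions: TPM-equipped,
# domain-joined machine where policy permits recovery backup to AD DS.
$ErrorActionPreference = 'Stop'
$LogPath  = 'C:\Windows\Temp\Enable-BitLocker.log'   # assumed log location
$exitCode = 0
Start-Transcript -Path $LogPath -Append | Out-Null
try {
    # Record the security context: GPO logon scripts run as the logging-on
    # user, while startup scripts and SYSTEM-configured tasks run as SYSTEM.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    Write-Output "Running as $($identity.Name); elevated: $isAdmin"
    if (-not $isAdmin) { throw 'Not elevated: Enable-BitLocker requires administrator rights.' }

    $volume = Get-BitLockerVolume -MountPoint 'C:'
    if ($volume.VolumeStatus -ne 'FullyDecrypted') {
        Write-Output "C: is already $($volume.VolumeStatus); nothing to do."
    }
    else {
        $tpm = Get-Tpm
        if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
            throw "TPM not usable (present: $($tpm.TpmPresent), ready: $($tpm.TpmReady))."
        }
        # Create and escrow the recovery password before encrypting. The
        # cmdlet's warning text contains the password, so it is suppressed
        # to keep the secret out of the transcript.
        $withKey  = Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector -WarningAction SilentlyContinue
        $recovery = $withKey.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            Select-Object -First 1
        Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $recovery.KeyProtectorId | Out-Null

        Enable-BitLocker -MountPoint 'C:' -EncryptionMethod Aes256 -UsedSpaceOnly -TpmProtector | Out-Null
        # Without -SkipHardwareTest, encryption starts only after the next
        # restart passes the hardware test, so log the state reached now.
        $after = Get-BitLockerVolume -MountPoint 'C:'
        Write-Output "Status: $($after.VolumeStatus); protection: $($after.ProtectionStatus)"
    }
}
catch {
    Write-Output "FAILED: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    Stop-Transcript | Out-Null
}
exit $exitCode
```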
