
Enable Bitlocker

Enable bitlocker and save the key

Description

Two agent procedures that check whether BitLocker can be enabled, check the hard drive configuration, perform the steps necessary to turn it on, and capture the status and recovery password to custom fields.

Developer
  • Name: Paul Fuggles
  • Company: Tearfund
  • Website: http://www.tearfund.org
  • 144 Downloads
  • Released on May 15th, 2018
  • Reviews
    by Jesse Donk on August 23rd, 2018

    Great script, it's gonna save our servicedesk a lot of time! Tnx! A small addition I made, because sometimes the key saver saves the TPM state instead of the recovery key. I changed:

        Manage-bde -protectors -get c: | Out-File "#AgentWorkingDirectoryPath#\BitlockerProtectors.txt"

    to:

        Manage-bde -protectors -get -type recoverypassword c: | Out-File "#AgentWorkingDirectoryPath#\BitlockerProtectors.txt"

    This way, only the recovery key is shown, and it's ensured that that is what you save to Kaseya.

    Discussion
    Russ Stewart 5 months ago

    I will test shortly but I've been wanting this. Thanks to Kaseya for helping everyone with the leg work.

    Jonathan Weaver 5 months ago

    Russ - I am in the middle of deployment to approximately 50 machines - things are going smoothly with this script.

    matthew jordan about 1 month ago

    Hi Russ, I seem to get an output of 0 on some machines (even though the script does enable Bitlocker). Have you ever seen that?

    Phil Case about 1 month ago

    I've seen this. I think it's because the format of the output can change so the steps which scan the output for the key string pick up the wrong line.

    I haven't had time to look into modifying the script and we don't use it on large numbers of clients so I've taken to connecting to the client through Liveconnect, and running the command line to pick up the key.

    c:\> manage-bde -protectors -get c:

    BitLocker Drive Encryption: Configuration Tool version 10.0.17134
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume C: [Windows]
    All Key Protectors

        Numerical Password:
          ID: {46545517-3597-4FBA-BF5C-xxxxxxxxxxxxxxxx}
          Password:
            440869-524645-375749-109890-574409-712613-513139-xxxxxx

        TPM:
          ID: {9217F44E-5592-4B43-86A3-FCAxxxxxxxxxxx}
          PCR Validation Profile:
            7, 11
            (Uses Secure Boot for integrity validation)

    Hope that helps or gives you a pointer

    matthew jordan about 1 month ago

    Awesome many thanks.

    John Rutkowski about 1 month ago

    I'm getting a "The" in the Bitlocker Recovery Key field. This turns out to be a machine that TPM is not enabled on, hence it can't run Bitlocker. So some other logic needs to be added.

    The two files it created are:

    BITLOCKERSTATUS.TXT
    BitLocker Drive Encryption: Configuration Tool version 10.0.15063
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    ERROR: The volume C: could not be opened by BitLocker.
    This may be because the volume does not exist, or because it is not a valid
    BitLocker volume.

    BitlockerProtectors.TXT
    BitLocker Drive Encryption: Configuration Tool version 10.0.15063
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    ERROR: An error occurred (code 0x80070057):
    The parameter is incorrect.
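
The thread above reports two capture failures: a wrong line picked up when the output layout shifts, and error text such as "The" stored as the key. One way to guard against both, as an added example that is not part of the published agent procedure or of any commenter's script: match the recovery password by its shape and treat `ERROR:` lines as a failure. The function name, the status values and the sample protector output (including the password) are constructed for illustration.

```powershell
# Added example, not part of the original agent procedure.
function Get-RecoveryPasswordFromText {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)

    # manage-bde reports failures as "ERROR: ..."; report them instead of
    # letting a stray word such as "The" end up in the key field.
    $err = [regex]::Match($Text, '(?m)^\s*ERROR:\s*(.+?)\s*$')
    if ($err.Success) {
        return [pscustomobject]@{ Status = 'Error'; Passwords = @(); Detail = $err.Groups[1].Value }
    }

    # Match the password by shape (8 groups of 6 digits), wherever it appears.
    $found = [regex]::Matches($Text, '(?<!\d)\d{6}(?:-\d{6}){7}(?!\d)')
    $passwords = @($found | ForEach-Object { $_.Value })
    if ($passwords.Count -eq 0) {
        return [pscustomobject]@{ Status = 'NoRecoveryPassword'; Passwords = @(); Detail = 'No numerical password protector in output' }
    }
    [pscustomobject]@{ Status = 'Ok'; Passwords = $passwords; Detail = '' }
}

# Constructed sample output; the password is made up, not a real key.
$okText = @'
Volume C: [Windows]
All Key Protectors

    TPM:
      ID: {00000000-0000-0000-0000-000000000000}

    Numerical Password:
      ID: {11111111-1111-1111-1111-111111111111}
      Password:
        111111-222222-333333-444444-555555-666666-777777-888888
'@

# Error text as posted in the thread above.
$errText = @'
ERROR: The volume C: could not be opened by BitLocker.
This may be because the volume does not exist, or because it is not a valid
BitLocker volume.
'@

foreach ($sample in $okText, $errText) {
    $r = Get-RecoveryPasswordFromText -Text $sample
    '{0}: {1} {2}' -f $r.Status, ($r.Passwords -join ','), $r.Detail
}
# On a managed machine: Get-RecoveryPasswordFromText -Text (manage-bde -protectors -get C: | Out-String)
```

Writing the custom field only when `Status` is `Ok`, and logging `Detail` otherwise, keeps error fragments and TPM-only results out of the recovery key field.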