IT Professional

Albert Widjaja

<div>
<div class="content wysiwyg-content">
Hello, 
 
I try enable Bitlocker on a remote PC with Windows 8.1 via PS-Session and Powershell. 
 
We configured a Policy to store the recovery key via a recovery agent (has a certificate) 
in Active Directory. 
 
By the way, we don't need a Pin, we just set up TPM. 
 
I execute this command in PS and receive the following error: 
 
PS&gt;Enable-BitLocker -MountPoint &quot;c:&quot; -EncryptionMethod Aes256 -TpmProtector 
 
Error: 
Enable-BitLockerInternal : Group Policy settings require that a recovery password be specified before encrypting the 
drive. (Exception from HRESULT: 0x8031002C) 
At C:\windows\system32\windowspowershell\v1.0\Modules\BitLocker\BitLocker.psm1:3620 char:48 
+ &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $BitLockerVolumeInternal = Enable-BitLockerInternal -MountPo ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: NotSpecified: (:) [Write-Error], COMException 
&nbsp; &nbsp; + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Enable-BitLockerInternal 
 
How can I solve this? I try to avoid running to all clients in order to setup Bitlocker. 
 
BR 
insi01
</div>
</div>

Hello,

I try enable Bitlocker on a remote PC with Windows 8.1 via PS-Session and Powershell.

We configured a Policy to store the recovery key via a recovery agent (has a certificate)
in Active Directory.

By the way, we don't need a Pin, we just set up TPM.

I execute this command in PS and receive the following error:

PS>Enable-BitLocker -MountPoint "c:" -EncryptionMethod Aes256 -TpmProtector

Error:
Enable-BitLockerInternal : Group Policy settings require that a recovery password be specified before encrypting the
drive. (Exception from HRESULT: 0x8031002C)
At C:\windows\system32\windowspowershell\v1.0\Modules\BitLocker\BitLocker.psm1:3620 char:48
+                     $BitLockerVolumeInternal = Enable-BitLockerInternal -MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Enable-BitLockerInternal

How can I solve this? I try to avoid running to all clients in order to setup Bitlocker.

BR
insi01

Enable Bitlocker by Powershell doesn't work

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework. PowerShell provides full access to the Component Object Model (COM) and Windows Management Instrumentation (WMI), enabling administrators to perform administrative tasks on both local and remote Windows systems as well as WS-Management and Common Information Model (CIM) enabling management of remote Linux systems and network devices.

Powershell

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.