Trying to use manage-bde to turn on bitlocker

Im running a .bat file to try and turn on Bitlocker:

c:\Windows\System32\manage-bde -tpm -takeownership dell1234

timeout /t 10

C:\Windows\System32\manage-bde -on c: -rp -RecoveryKey c:\bitlocker

timeout /t 10

shutdown.exe /r /t 10

But when it reboots it gives me message attached. Is it possible to store the public key or whatever it needs to login somewhere on the local drive? If so what command should I use?
Untitled.png
Thomas NSystems Analyst - Windows System AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
Is it possible to store the public key or whatever it needs to login somewhere on the local drive? not since the key is required to unlock the drive once encrypted, and if the drive is encrypted you can't access it
guessing you don't have tpm chip in your computer

 -RecoveryKey
      Specifies a valid external recovery key file that can be used to unlock the drive.
https://technet.microsoft.com/en-us/library/dd875513%28v=ws.10%29.aspx#BKMK_on
0
FOXActive Directory/Exchange EngineerCommented:
Has tpm been enabled either through a gpo, command line or by going in the bios 》security and enabling it?
0
Thomas NSystems Analyst - Windows System AdministratorAuthor Commented:
Yes TPM will be enabled using a script we are deploying from Dell. It works. I guess maybe im not understanding the Bitlocker and how the encryption works.

Doesnt Bitlocker require you to have a private key stored in the TPM and a public key somewhere such as a USB drive or External drive? Then we have a recovery information which we store in Active Directory in case a user loses there drive?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

FOXActive Directory/Exchange EngineerCommented:
The line in your managebde is saving the bitlocker key to the c drive in a folder named bitlocker.  If I'm not mistaken you have configured your gpo so we can save to activedirectory, correct?
0
David Johnson, CD, MVPOwnerCommented:
c:\bitlocker is a local drive and not a removable drive.  As I mentioned in my first reply that parameter MUST point to a removable drive.
-RecoveryKey
      Specifies a valid external recovery key file that can be used to unlock the drive.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas NSystems Analyst - Windows System AdministratorAuthor Commented:
Yes the recovery information is saved to AD.  So I dont need this part "-RecoveryKey c:\bitlocker" Since I am storing it in AD, correct?
0
FOXActive Directory/Exchange EngineerCommented:
Take that whole line out and retry
0
Thomas NSystems Analyst - Windows System AdministratorAuthor Commented:
It works without the "-recoverykey c:\bitlocker" Im waiting for it to encrypt and see if it stores  information in AD.

Last question. I cant remember why I put the "c:" in the line. What would this do? Should I remove that as well?
0
Thomas NSystems Analyst - Windows System AdministratorAuthor Commented:
Nevermind that says to encrypt the c drive
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.