Trying to use manage-bde to turn on bitlocker
Im running a .bat file to try and turn on Bitlocker:
c:\Windows\System32\manage
timeout /t 10
C:\Windows\System32\manage
timeout /t 10
shutdown.exe /r /t 10
But when it reboots it gives me message attached. Is it possible to store the public key or whatever it needs to login somewhere on the local drive? If so what command should I use?
Untitled.png
c:\Windows\System32\manage
timeout /t 10
C:\Windows\System32\manage
timeout /t 10
shutdown.exe /r /t 10
But when it reboots it gives me message attached. Is it possible to store the public key or whatever it needs to login somewhere on the local drive? If so what command should I use?
Untitled.png
Has tpm been enabled either through a gpo, command line or by going in the bios 》security and enabling it?
ASKER
Yes TPM will be enabled using a script we are deploying from Dell. It works. I guess maybe im not understanding the Bitlocker and how the encryption works.
Doesnt Bitlocker require you to have a private key stored in the TPM and a public key somewhere such as a USB drive or External drive? Then we have a recovery information which we store in Active Directory in case a user loses there drive?
Doesnt Bitlocker require you to have a private key stored in the TPM and a public key somewhere such as a USB drive or External drive? Then we have a recovery information which we store in Active Directory in case a user loses there drive?
The line in your managebde is saving the bitlocker key to the c drive in a folder named bitlocker. If I'm not mistaken you have configured your gpo so we can save to activedirectory, correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes the recovery information is saved to AD. So I dont need this part "-RecoveryKey c:\bitlocker" Since I am storing it in AD, correct?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It works without the "-recoverykey c:\bitlocker" Im waiting for it to encrypt and see if it stores information in AD.
Last question. I cant remember why I put the "c:" in the line. What would this do? Should I remove that as well?
Last question. I cant remember why I put the "c:" in the line. What would this do? Should I remove that as well?
ASKER
Nevermind that says to encrypt the c drive
guessing you don't have tpm chip in your computer
-RecoveryKey
Specifies a valid external recovery key file that can be used to unlock the drive.
https://technet.microsoft.com/en-us/library/dd875513%28v=ws.10%29.aspx#BKMK_on