Tom Skowyrski
asked on
Enable BitLocker remotely on system without TPM
I would like to enable BitLocker through command prompt of my RMM (can run cmd as system).
1. Most of the systems don't have TPM. I would like to use there Password to unlock BitLocker drive.
2. I have a couple of systems which have TPM. I would like to use there PIN in addition to TPM to unlock BitLocker drive.
We would like to encrypt with 256 strength, recovery path to be "\\localhost\c$\users\" (I used it in GUI BitLocker).
I found some examples and articles for PowerShell, but could not find anything for systems without TPM.
I tried using:
$SecureString = ConvertTo-SecureString "u7Y1FzJ6D8Wr1" -AsPlainText -Force
Get-BitLockerVolume | Enable-BitLocker -EncryptionMethod Aes256 -RecoveryKeyPath "\\localhost\c$\users\" -PasswordProtector $SecureString -RecoveryKeyProtector $SecureString -SkipHardwareTest
or
manage-bde but could not get past errors:
"Enable-BitLocker : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:23
+ ... kerVolume | Enable-BitLocker -EncryptionMethod Aes256 -RecoveryKeyPat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Enable-BitLocker], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Enable-BitLocker"
or
"ERROR: An error occurred (code 0x8028400f):
A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer."
Tried amending the above commands and playing with it but I got stuck.
The systems we have have Windows 10 Pro installed.
If I have to use Powershell, then maybe I can create a script file which could be copied to the device and then PowerShell script started through PowerShell command in CMD.
Any ideas would be welcome.
Thank you in advance
Tom
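An added example, not part of the original question or of any answer on this page: in `Enable-BitLocker`, `-PasswordProtector`, `-TpmAndPinProtector` and `-RecoveryKeyProtector` are switches that each select a separate parameter set (the secret goes in `-Password` or `-Pin`, the folder in `-RecoveryKeyPath`), so each protector is added in its own call. The sketch assumes an elevated session, the OS volume `C:`, placeholder values for the secret and the recovery folder, and that the "Require additional authentication at startup" policy already allows BitLocker without a compatible TPM (and a startup PIN on the TPM machines).

```powershell
# Added example. Placeholders in angle brackets are assumptions, not values from the page.
$ErrorActionPreference = 'Stop'

$MountPoint  = 'C:'
$RecoveryDir = '<recovery-key-folder>'   # must exist and be writable by the account running this
# A literal secret in a script is readable by anyone who can read the script or the RMM job log;
# have the RMM inject it at run time where it supports that.
$Secret = ConvertTo-SecureString '<password-or-pin>' -AsPlainText -Force

# Decide per machine: TPM+PIN where a usable TPM exists, password otherwise.
$tpm    = Get-Tpm -ErrorAction SilentlyContinue
$hasTpm = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

# Write the recovery key (.BEK file) first, so a recovery protector exists
# before encryption starts. This is its own call and its own parameter set.
Add-BitLockerKeyProtector -MountPoint $MountPoint `
    -RecoveryKeyProtector -RecoveryKeyPath $RecoveryDir | Out-Null

if ($hasTpm) {
    # TPM present: unlock with TPM plus a startup PIN.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 `
        -TpmAndPinProtector -Pin $Secret -SkipHardwareTest | Out-Null
} else {
    # No TPM: unlock with a password typed at boot.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 `
        -PasswordProtector -Password $Secret -SkipHardwareTest | Out-Null
}

# Confirm what was configured before reporting success back to the RMM.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$vol | Select-Object MountPoint, VolumeStatus, EncryptionMethod, ProtectionStatus
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId

$expected = if ($hasTpm) { 'TpmPin' } else { 'Password' }
$types    = $vol.KeyProtector.KeyProtectorType
if (($types -notcontains $expected) -or ($types -notcontains 'ExternalKey')) {
    throw "Expected protectors '$expected' and 'ExternalKey' on $MountPoint, found: $($types -join ', ')"
}
```

Saved as a `.ps1` file, this can be started from the RMM command prompt with `powershell.exe -ExecutionPolicy Bypass -File <script-path>`.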