Turn on BITLOCKER with a GPO

Marshall 11 Reputation points
2021-09-02T17:05:24.653+00:00

Hi all,
I would need to turn on BitLocker with a GPO.
I've created a policy where I've added the ps1 below to the startup:

    # Start encryption on C: only if the volume is not encrypted yet
    $CdriveStatus = Get-BitLockerVolume -MountPoint 'c:'

    if ($CdriveStatus.VolumeStatus -eq 'FullyDecrypted') {
        C:\Windows\System32\manage-bde.exe -on c: -recoverypassword -skiphardwaretest
    }

But it only works when I run it by opening PowerShell locally and "as administrator".

This is the error that I receive when not running as administrator:

[Screenshot: 128737-screenshot-2021-09-02-at-190224.png]

Any suggestions?
Thank you very much


4 answers

  1. Limitless Technology 39,351 Reputation points
    2021-09-03T10:01:00.147+00:00

    Hello Marshall

    I do it in a different way, using purely group policy

    1. Go to Group Policy Editor in "gpedit.msc"
    2. Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
    3. In the right pane, double-click "Require additional authentication at startup"
    4. Make sure the "Enabled" option is chosen so that all other options below will be active.
    5. Uncheck the box for "Allow BitLocker without a compatible TPM."
    6. For the choice of "Configure TPM startup:", choose "Allow TPM."
    7. For the choice of "Configure TPM startup PIN:", choose "Require startup PIN with TPM."
    8. For the choice of "Configure TPM startup key:", choose "Allow startup key with TPM."
    9. For the choice of "Configure TPM startup key and PIN:", choose "Allow startup key and PIN with TPM."
    10. Click the "Apply" button and then the "OK" button to save the changes.

    Hope this helps in your case,

    Best regards,

    1 person found this answer helpful.

  2. Marshall 11 Reputation points
    2021-09-06T10:33:31.437+00:00

    Hi LimitLess,
    thanks for your reply!
    I created a policy with your instructions but unfortunately BitLocker is still not applied:

    [Screenshot: 129592-screenshot-2021-09-06-at-122932.png]

    Any suggestions?

    Thank you very much

    Best regards


  3. MTG 1,196 Reputation points
    2021-09-06T12:43:06.253+00:00

    GPOs alone cannot encrypt (unless you have MBAM).
    See my article. It uses a GPO to start it scripted: https://www.experts-exchange.com/articles/33771/We-have-bitlocker-so-we-need-MBAM-too.html?preview=hG26jVC1xow%3D

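A scripted start of the kind discussed in this thread, as an added example (not code from the question, from any answer, or from the linked article). It assumes the script is assigned under Computer Configuration > Windows Settings > Scripts > Startup, where it runs as Local System and is therefore elevated, that policy permits TPM-only unlock, and that the machine is domain-joined with recovery backup to AD DS allowed; the log path is a made-up name.

```powershell
#Requires -RunAsAdministrator
# Added example for a GPO *computer startup* script slot (runs as Local System).
# Assumptions, not from the thread: TPM-only unlock is allowed by policy, the
# machine is domain-joined, and policy permits recovery backup to AD DS.

$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive                                   # normally C:
$log   = Join-Path $env:ProgramData 'BitLockerStartup.log'  # hypothetical log path

function Write-Log([string]$Message) {
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $log
}

try {
    $vol = Get-BitLockerVolume -MountPoint $mount

    # Same guard as the script in the question: act only on a decrypted volume.
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        Write-Log "Nothing to do: $mount is $($vol.VolumeStatus)"
        return
    }

    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        Write-Log "TPM not present or not ready; skipping $mount"
        return
    }

    # Create the recovery password and escrow it BEFORE encryption starts, so a
    # failed backup never leaves an encrypted disk without a recoverable key.
    if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    }
    $rp = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    Backup-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $rp.KeyProtectorId | Out-Null

    Enable-BitLocker -MountPoint $mount -TpmProtector -SkipHardwareTest | Out-Null

    # Log only the protector ID, never the recovery password itself.
    Write-Log "Encryption started on $mount; protector $($rp.KeyProtectorId) escrowed"
}
catch {
    Write-Log "FAILED: $($_.Exception.Message)"
    exit 1
}
```

Assigned as a user logon script instead, the same code runs without elevation and stops at the `#Requires` line.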

  4. Francois Jacobs 1 Reputation point
    2022-05-31T14:37:57.68+00:00

    Hi

    I have BitLocker turned on but it keeps asking me for a password when I start up.
    Is there a way to turn it on without the need to enter a password with every startup?