This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 44%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Hello,
is there a way to enable bitlocker using a script or command line for all the computers in the company without using TPM and include the password within the script ( i dont want to type the password for every command like this one "manage-bde -on C: -pw" this command it will ask me to enter a password ) ??
finally store all the recovery keys in AD DS.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 77%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Please be aware that unless you don't mind users manipulating/decrypting their drives, using a password should be a no-go.
Only with TPMs you can call this a secure setup. All modern machines (build 2015 and newer) have TPMs or fTPMs. Please check whether your machines are older.
(Business laptops have TPMs since 2007 or so).
Hi, @Abdalrahman Allahham
Was the issue resolved?
If any reply is useful for you, please accept it as answer.
If you have any issue or concern, please reply to us directly.
Best Regards.
Hi,
You could try the following PowerShell cmdlet to automate Bitlocker deployment:
The Enable-BitLocker cmdlet enables BitLocker Drive Encryption for a volume.
Enable-BitLocker
Best regards.
**
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Also, you could use the Backup-BitLockerKeyProtector cmdlet to saves a key protector for a BitLocker volume in AD DS.
reference: Backup-BitLockerKeyProtector
thank you for ur reply.
i have to use Bitlocker wihtout TPM as its disabled by default from the BIOS, it will be hard for me to enable it remotely on all the computers especially that computers are spread all over the word.
for now i tried Enable-Bitlocker but i see these errors:
PS C:\Windows\system32> $SecureString = ConvertTo-SecureString "1234" -AsPlainText -Force
PS C:\Windows\system32> Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -UsedSpaceOnly -Pin $SecureString -passwordrecoverykey
Enable-BitLocker : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
another thing, is there a way to enable bitlocker on all the partitions on the computers, instead of just mention the drive like the above aommand ??
thank you again for ur reply.