Bitlocker Deployment

Abdalrahman Allahham 41 Reputation points


Is there a way to enable BitLocker using a script or command line for all the computers in the company, without using TPM, and to include the password within the script? (I don't want to type the password for every command like this one: "manage-bde -on C: -pw"; this command will ask me to enter a password.)

Finally, store all the recovery keys in AD DS.


2 answers

  1. Dale Kudusi 3,206 Reputation points

    You could try the following PowerShell cmdlet to automate BitLocker deployment:
    The Enable-BitLocker cmdlet enables BitLocker Drive Encryption for a volume.

    Best regards.


  2. Abdalrahman Allahham 41 Reputation points

    Thank you for your reply.

    I have to use BitLocker without TPM as it's disabled by default from the BIOS; it will be hard for me to enable it remotely on all the computers, especially as the computers are spread all over the world.

    For now I tried Enable-BitLocker but I see these errors:

    PS C:\Windows\system32> $SecureString = ConvertTo-SecureString "1234" -AsPlainText -Force
    PS C:\Windows\system32> Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -UsedSpaceOnly -Pin $SecureString -passwordrecoverykey
    Enable-BitLocker : Parameter set cannot be resolved using the specified named parameters.
    At line:1 char:1
    + Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -UsedSpace ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : InvalidArgument: (:) [Enable-BitLocker], ParameterBindingException
        + FullyQualifiedErrorId : AmbiguousParameterSet,Enable-BitLocker

    Another thing: is there a way to enable BitLocker on all the partitions on the computers, instead of just mentioning the drive like in the above command?

    Thank you again for your reply.

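An added example, not part of the thread: in Enable-BitLocker, -Pin belongs to the TPM-and-PIN protector, while a password-only volume uses -PasswordProtector with -Password, and the recovery password is a separate protector that Backup-BitLockerKeyProtector escrows to AD DS. The sketch below covers every volume that is still fully decrypted and assumes a domain-joined machine, Group Policy that allows BitLocker without a compatible TPM and permits recovery backup to AD DS, and a hypothetical $VolumePassword parameter supplied by the deployment tooling.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread.
# Assumptions: domain-joined machine; Group Policy allows BitLocker without a
# compatible TPM and allows recovery information to be backed up to AD DS.
param(
    # Unlock password handed in by the deployment tooling (hypothetical parameter name).
    [Parameter(Mandatory)] [securestring] $VolumePassword
)

# Stop on the first failure so a volume is never encrypted without an escrowed key.
$ErrorActionPreference = 'Stop'

# Every volume BitLocker reports as fully decrypted, operating system volume first.
$volumes = Get-BitLockerVolume |
    Where-Object { $_.VolumeStatus -eq 'FullyDecrypted' } |
    Sort-Object { $_.VolumeType -ne 'OperatingSystem' }

foreach ($vol in $volumes) {
    $mp = $vol.MountPoint

    # 1. Add a numerical recovery password protector and escrow it before encrypting.
    Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object -Last 1
    Backup-BitLockerKeyProtector -MountPoint $mp `
        -KeyProtectorId $recovery.KeyProtectorId | Out-Null

    # 2. Start encryption with a password protector (no TPM involved, so no -Pin).
    Enable-BitLocker -MountPoint $mp -EncryptionMethod Aes256 -UsedSpaceOnly `
        -PasswordProtector -Password $VolumePassword | Out-Null

    Write-Output "$mp : encryption started, recovery protector $($recovery.KeyProtectorId) backed up to AD DS"
}
```

Because the backup runs before Enable-BitLocker and errors are terminating, a machine that cannot reach a domain controller is left unencrypted rather than encrypted with no recovery key on record.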