Enable BitLocker on OS Volume from Command Line - unattended

~OSD~ 2,201 Reputation points
2022-01-07T12:43:27.007+00:00

Hi,

I would like to enable BitLocker Drive Encryption on the Operating System Volume from the command line, in an unattended way that does not require user input.

Here is what I have done so far. Please let me know at which stage I am doing it wrong, or feel free to share your thoughts/methods if something is different from what I am trying now.

  1. Group Policy <Require Additional Authentication at Startup> = Enabled

163197-image.png

  2. PowerShell <Add Key Protector>
    Add-BitLockerKeyProtector -MountPoint C: -Password ("MyPassword" | ConvertTo-SecureString -AsPlainText -Force) -PasswordProtector

But the above command gives me the following error:

163222-image.png


4 answers

  1. Shane Walsh 31 Reputation points
    2022-01-07T13:44:21.363+00:00

    Try this:

    $SecureString = ConvertTo-SecureString "1234" -AsPlainText -Force

    Add-BitLockerKeyProtector -MountPoint "C:" -Pin $SecureString -TPMandPinProtector


  2. ~OSD~ 2,201 Reputation points
    2022-01-07T13:52:46.737+00:00

    Eventually it continued to work (no changes made).

    163176-image.png

    But now when the PC reboots, it says BitLocker is not enabled:

    163271-image.png


  3. Limitless Technology 39,921 Reputation points
    2022-01-10T09:07:02.827+00:00

    Hello OSD

    It sounds like you have checked several of the boxes that are required for BitLocker to be properly enabled. Could you validate if you have "PTT" enabled, or if this TPM is running in TPM 2.0 mode?

    Have you attempted to "clear" the TPM within TPM.MSC?

    Can you validate if you are also running within UEFI or Legacy BIOS mode? This can be found within MSinfo32 under "System Summary" in the "BIOS Mode" field.

    We may also need to ensure that your BIOS is up to date. It may be beneficial to update your device to ensure that the BIOS, as well as all relevant chipset drivers, are fully up to date.



  4. ~OSD~ 2,201 Reputation points
    2022-01-13T10:38:09.187+00:00
    • TPM 2.0, even tried with Clear the TPM.
    • UEFI BIOS
    • All latest patches
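An added example, not posted by anyone in this thread: a PowerShell sequence that checks the prerequisites asked about above (TPM state, firmware mode), turns encryption on with `Enable-BitLocker`, and reports the volume status afterwards. It assumes an elevated session, that C: is the OS volume, and that policy permits a TPM-only startup protector, which is the protector type that needs no input at boot.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: C: is the OS volume; policy allows a TPM-only protector.
$ErrorActionPreference = 'Stop'
$mount = 'C:'

# 1. Prerequisites raised in the thread: TPM state and firmware mode.
$tpm      = Get-Tpm
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
Write-Host "TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)  firmware: $firmware"
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is not present or not ready; resolve this before enabling BitLocker.'
}

# 2. Current state. Add-BitLockerKeyProtector only adds a protector;
#    a volume that is still FullyDecrypted is not protected by it.
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
Write-Host "Before: $($vol.VolumeStatus), protection $($vol.ProtectionStatus), protectors: $($types -join ', ')"

# 3. Add a recovery password protector so the volume stays recoverable.
#    The generated password is not printed here; escrow it per your own process.
if ($types -notcontains 'RecoveryPassword') {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
}

# 4. Enable-BitLocker is the step that starts encryption.
#    -SkipHardwareTest starts it immediately; without it, BitLocker waits for
#    a restart-time hardware test before encrypting.
$tpmBased = $types | Where-Object { $_ -like 'Tpm*' }
if ($vol.VolumeStatus -eq 'FullyDecrypted' -and -not $tpmBased) {
    Enable-BitLocker -MountPoint $mount -TpmProtector -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly -SkipHardwareTest | Out-Null
} else {
    Write-Host 'Skipping Enable-BitLocker: volume is not FullyDecrypted or a TPM-based protector already exists.'
}

# 5. Verify. Expect EncryptionInProgress or FullyEncrypted; ProtectionStatus
#    turns On once encryption has finished.
$vol = Get-BitLockerVolume -MountPoint $mount
Write-Host "After: $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted, protection $($vol.ProtectionStatus)"
```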
