MBAM RE-ENCRYPTION

Question

MBAM RE-ENCRYPTION

Fred Addo Kyei 1

Hello,

i have deployed an MBAM environment using the 128-bit encryption method for OS, fixed and removable drives in my organization. Currently from our security department, i am to upgrade the MBAM GPO to use 256-bit encryption method. i realised doing that will render already encrypted devices non compliant in mbam reports and also mean that we have manually decrypt and encrypt each device. this will be very hector as there are about 2000 devices already encrypted with the 128-bit. Is there a script to automate the decryption and re-encryption process please?

regards,

Fred

0 comments

1 answer

Your answer

Answer 1

Joy Qiao 5,812 Moderator

Hi Fred,

If you have implement SCCM in your environment, we could decryption and re-encryption with this tool.
If not, we could use command line manage-bde –off C: and manage-bde -on C: in Script and deploy it through GPO.
Here is a reference article about detailed steps:
Run a Script or Batch File with Administrative Privileges as Windows Starts

But if you prefer to have a script content, we recommend to create a thread on professional Script forum:

The Official Scripting Guys Forum!

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Bests,

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Fred Addo Kyei 1 Reputation point

2020-09-15T14:47:43.76+00:00

Hello JoyQiao,

Thanks for the reply.

We do have SCCM in our environment but do my colleagues still maintain their existing bitlocker passwords or pins after decryption and re-encryption using the SCCM environment? or they will be prompted to type in a new pin or password again when it begins to re-encrypt after decryption?

Also, kindly share with me the step by step of how to create the script with the commands.

regards,
fred
Joy Qiao 5,812 Reputation points Moderator

2020-09-16T05:52:11.273+00:00

Hi Fred,

As I know, Bitlocker password and PIN is stored on local device, it will not sync to any AD data base or SCCM device. So I suspect after we decrypted and encrypted again, no matter through SCCM or GPO, it will require user to set a new password and PIN.

But for details, I would recommend to ask for SCCM support.

For script issue, I would sorry to say that I am not familiar with it, as every engineer have a professional pod, however, Script is out of my pod scope. Please create a new thread on Script forum.

Bests,

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Joy Qiao 5,812 Reputation points Moderator

2020-09-17T09:37:04.28+00:00

Hi,

Just to confirm if any update about your issue.

Bests,

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Joy Qiao 5,812 Reputation points Moderator

2020-09-22T05:55:23.067+00:00

anonymous userKyei-7305 any update for this issue?

Bests,
Joy Qiao 5,812 Reputation points Moderator

2020-09-29T08:48:31.347+00:00

Hi anonymous userKyei-7305

Just check to see if the information provided was helpful.

If yes, you may accept useful reply as answer, if not, welcome to feedback.

Bests,

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Share via

MBAM RE-ENCRYPTION

1 answer

Your answer