This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
i have deployed an MBAM environment using the 128-bit encryption method for OS, fixed and removable drives in my organization. Currently from our security department, i am to upgrade the MBAM GPO to use 256-bit encryption method. i realised doing that will render already encrypted devices non compliant in mbam reports and also mean that we have manually decrypt and encrypt each device. this will be very hector as there are about 2000 devices already encrypted with the 128-bit. Is there a script to automate the decryption and re-encryption process please?
regards,
Fred
Hi Fred,
If you have implement SCCM in your environment, we could decryption and re-encryption with this tool.
If not, we could use command line manage-bde –off C: and manage-bde -on C: in Script and deploy it through GPO.
Here is a reference article about detailed steps:
Run a Script or Batch File with Administrative Privileges as Windows Starts
But if you prefer to have a script content, we recommend to create a thread on professional Script forum:
The Official Scripting Guys Forum!
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Bests,
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello JoyQiao,
Thanks for the reply.
We do have SCCM in our environment but do my colleagues still maintain their existing bitlocker passwords or pins after decryption and re-encryption using the SCCM environment? or they will be prompted to type in a new pin or password again when it begins to re-encrypt after decryption?
Also, kindly share with me the step by step of how to create the script with the commands.
regards,
fred
Hi Fred,
As I know, Bitlocker password and PIN is stored on local device, it will not sync to any AD data base or SCCM device. So I suspect after we decrypted and encrypted again, no matter through SCCM or GPO, it will require user to set a new password and PIN.
But for details, I would recommend to ask for SCCM support.
For script issue, I would sorry to say that I am not familiar with it, as every engineer have a professional pod, however, Script is out of my pod scope. Please create a new thread on Script forum.
Bests,
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Just to confirm if any update about your issue.
Bests,
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
anonymous userKyei-7305 any update for this issue?
Bests,
Hi anonymous userKyei-7305
Just check to see if the information provided was helpful.
If yes, you may accept useful reply as answer, if not, welcome to feedback.
Bests,
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.