Fred Kyei 1 Reputation point


i have deployed an MBAM environment using the 128-bit encryption method for OS, fixed and removable drives in my organization. Currently from our security department, i am to upgrade the MBAM GPO to use 256-bit encryption method. i realised doing that will render already encrypted devices non compliant in mbam reports and also mean that we have manually decrypt and encrypt each device. this will be very hector as there are about 2000 devices already encrypted with the 128-bit. Is there a script to automate the decryption and re-encryption process please?



Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,147 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Joy Qiao 4,766 Reputation points Microsoft Employee

    Hi Fred,

    If you have implement SCCM in your environment, we could decryption and re-encryption with this tool.
    If not, we could use command line manage-bde –off C: and manage-bde -on C: in Script and deploy it through GPO.
    Here is a reference article about detailed steps:
    Run a Script or Batch File with Administrative Privileges as Windows Starts

    But if you prefer to have a script content, we recommend to create a thread on professional Script forum:

    The Official Scripting Guys Forum!

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.



    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.