I have created a Python script that enables BitLocker on a data drive: it encrypts the data drive and then stores the recovery password on the C: drive as a text file.
I have noticed that once the script is run it encrypts the drive and saves the output, but once I restart my test machine the drive is locked (I have included an unlock step and an enable-auto-unlock step in the script).
So basically, once a user restarts the machine they would need to manually unlock the drive and manually enable auto-unlocking. It looks like I cannot encrypt the data drive all in one script, but instead need multiple scripts: one to encrypt the drive and save the password key, then a restart of the machine, and then a separate script to unlock the drive and enable auto-unlocking.
I wanted to know whether that is the only option, as I would like no user intervention when running my Python script (which uses the manage-bde commands), because I want to run it remotely.
Code attached (Python 2.7, running manage-bde commands through cmd):
# Volume that BitLocker is enabled on (the data drive to encrypt).
Drive = "D:"
# Volume that receives the recovery material and Recoverykey.txt.
# NOTE(review): the recovery password ends up in plain text on this volume, so
# anyone who can read it can unlock `Drive`. Restrict access to the file, or
# escrow the protector centrally (e.g. `manage-bde -protectors -adbackup` on a
# domain-joined machine) instead of leaving it next to the encrypted data.
save = "C:"
import ctypes
import re
import os
class disable_file_system_redirection:
    """Context manager that switches off WOW64 file-system redirection.

    On entry it calls kernel32's Wow64DisableWow64FsRedirection; on exit it
    calls Wow64RevertWow64FsRedirection, but only if the disable call
    reported success. Used around process launches so that a path under
    C:\\Windows\\System32 is not redirected for a 32-bit interpreter.
    Windows only: the kernel32 lookups run when the class is defined.
    """

    # kernel32 entry points, resolved once at class-definition time.
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        # Buffer that the API fills with the previous redirection state.
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, type, value, traceback):
        # Nothing to restore when the disable call did not succeed.
        if not self.success:
            return
        self._revert(self.old_value)
import subprocess
# Ask manage-bde for the current state of the target volume. Redirection is
# disabled while the process is created so the System32 path is used as written.
path = 'C:\\Windows\\System32\\manage-bde.exe -status ' + Drive
with disable_file_system_redirection():
    process = subprocess.Popen(path, shell=True, stdout=subprocess.PIPE)
    result, _unused_stderr = process.communicate()

# Text following "Lock Status: " on every matching line, joined into one string.
protect = re.findall("Lock Status: (.*)", result)
pro = "".join(protect)

# Scratch lists used by the later steps of the script.
y, xx, k = [], [], []

# File on the `save` volume that receives the captured manage-bde output.
fp = os.path.join(save + r"\\Recoverykey.txt")
print(fp)
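# Enable BitLocker only when the status output reported the volume as unlocked.
if "Unlocked" in pro:
    # NOTE(review): the message says "locked", but this branch runs when the
    # lock status contains "Unlocked"; the text is kept as the author wrote it.
    print("Drive " + Drive + " is now in locked state")
    # Turn BitLocker on with a recovery-key protector saved under `save` and a
    # numerical recovery password.
    ps_command = r'manage-bde -on ' + Drive + ' -RecoveryKey ' + save + ' -RecoveryPassword'
    with disable_file_system_redirection():
        c = os.popen('powershell "%s"' % ps_command).read()
    y = c.split('\n')
    # Index of the last "ACTIONS REQUIRED:" line. Defaults to 0 so that the
    # whole output is kept when the marker is missing, instead of failing with
    # a NameError after encryption may already have started.
    j = 0
    for i, line in enumerate(y):
        if re.search('ACTIONS REQUIRED:(.*)', line):
            j = i
    k.extend(y[j:])
    # NOTE(review): the lines below contain the recovery password. They are
    # echoed to stdout (which a remote-execution tool may log) and appended to
    # a plain-text file; limit who can read both.
    with open(fp, 'a+') as f:
        for i in k:
            print(i)
            # split('\n') removed the line breaks; put them back so the saved
            # lines are not run together.
            f.write(str(i) + '\n')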
## Restart machine
# NOTE(review): `shutdown /r` only requests the restart. Nothing visible in
# this script resumes it after the reboot, so the unlock and auto-unlock steps
# that follow run before the machine goes down, not after it comes back up.
sysdown = subprocess.Popen('shutdown /r ', shell=True, stdout=subprocess.PIPE)
# Relay whatever shutdown prints, one line at a time, until its output ends.
while True:
    line = sysdown.stdout.readline()
    if line == '':
        break
    print(line.rstrip())
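## Unlock drive
# `manage-bde -unlock <volume> -RecoveryPassword` expects the 48-digit
# numerical password itself, not the path of a file that contains it, so the
# password is extracted from the saved text first.
try:
    with open(save + '\\Recoverykey.txt') as key_file:
        saved_text = key_file.read()
except IOError:
    # No saved output yet (for example, the enable step did not run).
    saved_text = ''

# A recovery password is eight groups of six digits separated by hyphens.
# The file is written in append mode, so it can hold several runs; use the
# most recent password.
passwords = re.findall(r'(?<!\d)\d{6}(?:-\d{6}){7}(?!\d)', saved_text)
if passwords:
    # Argument list without a shell: no intermediate cmd.exe is started.
    # NOTE(review): the password is still visible in manage-bde's command line
    # while it runs, and in process command-line auditing where that is enabled.
    recover = ['C:\\Windows\\System32\\manage-bde.exe', '-unlock', Drive,
               '-RecoveryPassword', passwords[-1]]
    with disable_file_system_redirection():
        recover = subprocess.Popen(recover, stdout=subprocess.PIPE)
        UnlockedPath = recover.communicate()[0]
else:
    UnlockedPath = 'No recovery password found in ' + save + '\\Recoverykey.txt'
print(UnlockedPath)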
# Turn on automatic unlocking for the data volume.
# NOTE(review): as documented for BitLocker, auto-unlock of a fixed data drive
# needs the operating-system volume itself to be BitLocker-protected; if it is
# not, this command is expected to report an error. Check the printed output
# rather than assuming it succeeded.
autounlock = 'C:\\Windows\\System32\\manage-bde.exe -autounlock -enable ' + Drive
with disable_file_system_redirection():
    autounlock = subprocess.Popen(autounlock, shell=True, stdout=subprocess.PIPE)
    autopath, _unused_stderr = autounlock.communicate()
print(autopath)