Windows 10 Enable Bitlocker by using a script


KasparDanielsen

Hi Everyone,


My first post in here, hopefully you can help me out with this simple question.


I've been able to create a GPO to deploy a script on all user machines and execute with a Scheduled Task with the use of SYSTEM permissions. (Not a logon script etc.)


It works perfectly fine... the BitLocker encryption keys just end up in the AD multiple times. It's due to gpupdate, which makes the script run again, and my statement might just ignore that the drive is already encrypted at that point, running over and over again.


I've taken it from an Intune BitLocker script and removed the unnecessary parts, but I believe it just ignores the part that the state is not in "FullyDecrypted" after the first run and just runs the "Enable-BitLocker -MountPoint "C:" -RecoveryPasswordProtector" command over and over again.


Why won't it skip when the volumestatus isn't -eq "FullyDecrypted"?


Script:

Get-BitLockerVolume "C:"
$bdeStartingStatus = Get-BitLockerVolume "C:"
$bdeProtect = Get-BitLockerVolume "C:" | Select-Object -Property VolumeStatus

if ($bdeProtect.VolumeStatus -eq "FullyDecrypted") {
    # Enable Bitlocker
    Enable-BitLocker -MountPoint "C:" -RecoveryPasswordProtector
}


Kind Regards,

Kaspar Danielsen
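
An added example, not part of the original post: one way to make the scheduled task idempotent is to check the volume's existing key protectors as well as its VolumeStatus, so a repeat run cannot add another recovery password. It assumes the repeat runs happen while C: still reports "FullyDecrypted" (for example, before a restart that Enable-BitLocker is waiting for); the function name Enable-BitLockerOnce is hypothetical.

```powershell
# Added example, not the poster's script. Run elevated (e.g. as SYSTEM from the task).
function Enable-BitLockerOnce {
    param(
        [string]$MountPoint = 'C:'   # assumption: the OS volume, as in the post
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint

    # Recovery-password protectors already present on the volume.
    # Each earlier run that reached Enable-BitLocker would have left one here.
    $recovery = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # Guard 1: encryption has started or finished, so there is nothing to do.
    if ($volume.VolumeStatus -ne 'FullyDecrypted') {
        Write-Output "$MountPoint is $($volume.VolumeStatus); skipping."
        return
    }

    # Guard 2: the status still says FullyDecrypted, but a previous run has
    # already added a recovery password. Do not add (and escrow) another one.
    if ($recovery.Count -gt 0) {
        Write-Output ("{0} already has {1} recovery password protector(s); skipping." -f
            $MountPoint, $recovery.Count)
        return
    }

    # First run only: same command as in the post.
    Enable-BitLocker -MountPoint $MountPoint -RecoveryPasswordProtector -ErrorAction Stop |
        Out-Null
    Write-Output "BitLocker enable requested on $MountPoint."
}

Enable-BitLockerOnce -MountPoint 'C:'
```

On a machine that has already run the original script several times, the second guard also reports how many recovery password protectors are on the volume, which helps match them against the duplicate entries in AD.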
