none
WinPE Bitlocker with Powershell RRS feed

  • Question

  • I have been able to get Bitlocker to work (Unlock) using WinPE and I am able to run some Powershell with WinPE but the Bitlocker Powershell commands are not there to execute.  Get-Bitlocker, Unlock-Bitlocker are not available on my WinpE.  Does anyone know how I can add Bitlocker commands to my WinPE build?

    I am attempting to execute the following. 

      $BL = Get-BitLockerVolume | Select MountPoint,LockStatus | Where {$_.LockStatus -eq "Locked"}
      $driveLetter = $BL.MountPoint
      Unlock-BitLocker -MountPoint $driveLetter -Password (Read-Host 'Enter Password' -AsSecureString)
    Mount-DiskImage "$driveLetter\Media\Filename.ISO"

    Thanks

    Thursday, March 22, 2018 4:20 PM

All replies

  • Only a subset of Powershell commands are available in WinPE, if you look at Microsoft Deployment Toolkit, they still use the VBScript / WMI methods.

    You can script using Powershell / WMI for Bitlocker
    

    For some reason Copy and Paste is not working, check out HeyScriptingGuy Blog and he post on how to do this in a 2 part series... May 25, 2015

    Friday, March 23, 2018 1:21 PM
  • When you start windows setup, you have a WinPE customized by Microsoft in fron of you and you can press shift F10 and on the appearing command line, you can use the manage-bde.exe command to do anything you like - all functions are available apart from those that are using active directory for key backup (since we are not connected to AD at that moment).
    Monday, March 26, 2018 8:16 AM
  • When you start windows setup, you have a WinPE customized by Microsoft in fron of you and you can press shift F10 and on the appearing command line, you can use the manage-bde.exe command to do anything you like - all functions are available apart from those that are using active directory for key backup (since we are not connected to AD at that moment).
    Monday, March 26, 2018 8:16 AM
  • I'm not sure if you figured this out yet or not, but I was finally able to get BitLocker commands to work in PowerShell inside WinPE10. I also did a few other customizations to my WinPE build but I think below is what's needed for BitLocker/PowerShell in WinPE10 (my image is x86, but I'm sure its the same for a x64 setup).

    Packages Needed:

    • WinPE-WMI.cab
    • WinPE-SecureStartup.cab
    • en-us\WinPE-WMI_en-us.cab
    • en-us\WinPE-SecureStartup_en-us.cab
    • WinPE-PowerShell.cab
    • WinPE-NetFx.cab
    • WinPE-EnhancedStorage.cab (not 100% sure this is needed)
    • WinPE-DismCmdlets.cab (not 100% sure this is needed)
    • WinPE-StorageWMI.cab
    • en-us\WinPE-PowerShell_en-us.cab
    • en-us\WinPE-NetFx_en-us.cab
    • en-us\WinPE-EnhancedStorage_en-us.cab (not 100% sure this is needed)
    • en-us\WinPE-DismCmdlets_en-us.cab (not 100% sure this is needed)
    • en-us\WinPE-StorageWMI_en-us.cab

    Install those packages then copy the Bit locker Module folder from your computer to the WinPE image

    • C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Bitlocker

    That should be it. I just tested a script of mine that uses Get-BitLockerVolume, Unlock-BitLocker, and Disable-BitLocker commands (among other things) and it works.

    Wednesday, July 18, 2018 12:28 PM
  • Is this recommendable? I wouldn't want to use powershell for this purpose if I could use manage-bde instead, since manage-bde knows more options and is included in WinPE.
    Wednesday, July 18, 2018 12:34 PM
  • I used PowerShell because I had a script to look up the recovery password from AD to decrypt the drive. It suited my needs as I already had PowerShell in my PE environment for other reasons. 
    Wednesday, July 18, 2018 12:39 PM