Powershell script to enable bitlocker RRS feed

  • Question

  • Hi All,

    I've try some script that've found that could enable bitlocker silently. 

    It had at first attempt but then I turn off the bitlocker then try to run the script through network path it had been failed.

    Thing get worse as now whenever I run the same script it come with error like in the picture.

    TPM on this machine is enable and machine is UEFI with secure boot.

    Monday, April 1, 2019 4:30 AM

All replies

  • And how should anyone judge this without seeing the script?
    Monday, April 1, 2019 7:54 AM
  • I'm sorry.

    I've reimage the machine then run the same script again. It's success. 

    Not sure if it also because my account can't edit ADSI.

    Here's the script.


    $TPM = Get-WmiObject win32_tpm -Namespace root\cimv2\security\microsofttpm | where {$_.IsEnabled().Isenabled -eq 'True'} -ErrorAction SilentlyContinue
    $WindowsVer = Get-WmiObject -Query 'select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%" or Version like "10.0%") and ProductType = "1"' -ErrorAction SilentlyContinue
    $BitLockerReadyDrive = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

    #If all of the above prequisites are met, then create the key protectors, then enable BitLocker and backup the Recovery key to AD.
    if ($WindowsVer -and $TPM -and $BitLockerReadyDrive) {

    #Creating the recovery key
    Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector

    #Adding TPM key
    Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmProtector
    sleep -Seconds 15 #This is to give sufficient time for the protectors to fully take effect.

    #Enabling Encryption
    Start-Process 'manage-bde.exe' -ArgumentList " -on $env:SystemDrive -em aes256" -Verb runas -Wait

    #Getting Recovery Key GUID
    $RecoveryKeyGUID = (Get-BitLockerVolume -MountPoint $env:SystemDrive).keyprotector | where {$_.Keyprotectortype -eq 'RecoveryPassword'} | Select-Object -ExpandProperty KeyProtectorID

    #Backing up the Recovery to AD.
    manage-bde.exe  -protectors $env:SystemDrive -adbackup -id $RecoveryKeyGUID

    #Restarting the computer, to begin the encryption process

    Monday, April 1, 2019 8:35 AM
  • Thanks for sharing us.

    Best Regards,

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, April 12, 2019 2:02 AM