I am trying to activate BitLocker on a Windows 11 system using the PowerShell script below.
The script runs but does not show any errors, nor does it activate BitLocker and store the recovery key on a network share.
I am very new to PS so I am not sure what I need to do to get this script to work properly.
Can anyone tell me what is missing or what changes need to be made to this script?
The system does have the needed Windows 11 partitions.
Thanks!
$TPM = Get-WmiObject win32_tpm -Namespace root\cimv2\security\microsofttpm | where {$_.IsEnabled().Isenabled -eq 'True'} -ErrorAction SilentlyContinue
$WindowsVer = Get-WmiObject -Query 'select * from Win32_OperatingSystem where (Version like "6.2%" or Version like "6.3%" or Version like "10.0%" or Version like "11.0%") and ProductType = "1"' -ErrorAction SilentlyContinue
$BitLockerReadyDrive = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if ($WindowsVer -and $TPM -and $BitLockerReadyDrive) {
    #Creating the recovery key
    Start-Process 'manage-bde.exe' -ArgumentList " -protectors -add $env:SystemDrive -recoverypassword" -Verb runas -Wait
    #Enabling Encryption
    Start-Process 'manage-bde.exe' -ArgumentList " -on -usedspaceonly $env:SystemDrive -em aes256 " -Verb runas -Wait
    #Getting Recovery Key GUID
    $RecoveryKeyGUID = (Get-BitLockerVolume -MountPoint $env:SystemDrive).keyprotector | where {$_.Keyprotectortype -eq 'RecoveryPassword'} | Select-Object -ExpandProperty KeyProtectorID
    #Backing Password file to the server
    #manage-bde -protectors -get C: |out-file "c:\$($env:computername).txt"
    (Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword -match '\S' > "\\networksharename\\BitLocker\$($env:computername).TXT"
}
Windows Build/Version: Windows 11 22H2
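The script in the post suppresses every error with `-ErrorAction SilentlyContinue` and has no `else` branch, so a failed precondition produces no output at all. The following is an added example, not the poster's code: it does the same steps with the BitLocker module's cmdlets in place of the WMI and `manage-bde` calls and stops with a message at the first failure. The share path is the post's placeholder, and it assumes an elevated Windows PowerShell session with the `BitLocker` and `TrustedPlatformModule` modules available.

```powershell
#Requires -RunAsAdministrator
# Added example. $ShareRoot is the placeholder share name from the post.
$ErrorActionPreference = 'Stop'      # failures terminate instead of being hidden
$ShareRoot  = '\\networksharename\BitLocker'
$MountPoint = $env:SystemDrive

# Check each precondition on its own so the failing one is named.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not usable: Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"
}
if (-not (Test-Path -LiteralPath $ShareRoot)) {
    throw "Recovery key share not reachable: $ShareRoot"
}
$volume = Get-BitLockerVolume -MountPoint $MountPoint
Write-Host "$MountPoint status: $($volume.VolumeStatus), protection: $($volume.ProtectionStatus)"

# Add a recovery password only if the volume does not already have one.
$recovery = $volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# Escrow the key before encryption starts, then verify the file was written.
# The file holds the recovery password in clear text, so the share's ACL
# should let machines write but only recovery staff read.
$keyFile = Join-Path $ShareRoot "$($env:COMPUTERNAME).txt"
$recovery | Select-Object KeyProtectorId, RecoveryPassword | Format-List |
    Out-File -LiteralPath $keyFile -Encoding utf8
if (-not (Select-String -LiteralPath $keyFile -Pattern 'RecoveryPassword' -Quiet)) {
    throw "Recovery password was not written to $keyFile"
}

# Start encryption only on a volume that is not already encrypted or encrypting.
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 -UsedSpaceOnly -TpmProtector
}

# Show the resulting state; a pending hardware test may require a reboot first.
Get-BitLockerVolume -MountPoint $MountPoint |
    Format-List MountPoint, VolumeStatus, EncryptionPercentage, KeyProtector
```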