Enable Bitlocker by Powershell doesn't work

Hello,

I try enable Bitlocker on a remote PC with Windows 8.1 via PS-Session and Powershell.

We configured a Policy to store the recovery key via a recovery agent (has a certificate)
in Active Directory.

By the way, we don't need a Pin, we just set up TPM.

I execute this command in PS and receive the following error:
PS>Enable-BitLocker -MountPoint "c:" -EncryptionMethod Aes256 -TpmProtector

Error:Enable-BitLockerInternal : Group Policy settings require that a recovery password be specified before encrypting the
drive. (Exception from HRESULT: 0x8031002C)
At C:windowssystem32windowspowershellv1.0ModulesBitLockerBitLocker.psm1:3620 char:48
+ $BitLockerVolumeInternal = Enable-BitLockerInternal -MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Enable-BitLockerInternal

How can I solve this? I try to avoid running to all clients in order to setup Bitlocker.

BR
insi01



Hi.

The error says "Group Policy settings require that a recovery password be specified before encrypting the drive". Investigate. You will need to setup automatic AD backup of that recovery password as well, set the policy "Save BitLocker recovery information to Active Directory Domain Services" as mentioned in https://technet.microsoft.com/en-us/library/dd875529%28v=ws.10%29.aspx?
Also consider selecting to only encrypt used space to save time.



Hi.

The error says "Group Policy settings require that a recovery password be specified before encrypting the drive". Investigate. You will need to setup automatic AD backup of that recovery password as well, set the policy "Save BitLocker recovery information to Active Directory Domain Services" as mentioned in https://technet.microsoft.com/en-us/library/dd875529%28v=ws.10%29.aspx?
Also consider selecting to only encrypt used space to save time.









Share this

Related Posts

There was an error in this gadget