Enable Bitlocker

Paul Fuggles

Product Name: Enable Bitlocker

Description : 2 agent procedures to check if Bitlocker can be enabled, check hard drive configuration and perform the necessary turn it on and capture the status and recovery password to custom fields

Instructions :

Create 2 custom fields called "Bitlocker Status" and "Bitlocker Recovery Key"

Import Procedure Get Bitlocker Status and Recovery Password.xml

Procedure Enable Bitlocker.xml

There is a readme in the zip with further information

Russ Stewart

I will test shortly but I've been wanting this. Thanks to Kaseya for helping everyone with the leg work.

Jonathan Weaver

Russ - I am in the middle of deployment to approximately 50 machines - things are going smoothly with this script.

matthew jordan

Hi Russ,  I seem to get an output of 0, on some machines (even though the script does enable Bitlocker.   Have you ever see that?

Phil Case

I've seen this. I think it's because the format of the output can change so the steps which scan the output for the key string pick up the wrong line.

I haven't had time to look into modifying the script and we don't use it on large numbers of clients so I've taken to connecting to the client through Liveconnect, and running the command line to pick up the key.

">c:\> manage-bde -protectors -get c:

BitLocker Drive Encryption: Configuration Tool version 10.0.17134
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: [Windows]
All Key Protectors

    Numerical Password:
      ID: {46545517-3597-4FBA-BF5C-xxxxxxxxxxxxxxxx}
      Password:
        440869-524645-375749-109890-574409-712613-513139-xxxxxx

    TPM:
      ID: {9217F44E-5592-4B43-86A3-FCAxxxxxxxxxxx}
      PCR Validation Profile:
        7, 11
        (Uses Secure Boot for integrity validation)

Hope that helps or gives you a pointer

matthew jordan

Awesome many thanks.

John Rutkowski

I'm getting a "The" in the Bitlocker Recovery Key field. This turns out to be a machine that TPM is not enabled on, hence it can't run Bitlocker. So some other logic needs to be added.

The two files it created are 

BITLOCKERSTATUS.TXT

BitLocker Drive Encryption: Configuration Tool version 10.0.15063

Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: The volume C: could not be opened by BitLocker.

This may be because the volume does not exist, or because it is not a valid

BitLocker volume.

BitlockerProtectors.TXT

BitLocker Drive Encryption: Configuration Tool version 10.0.15063

Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: An error occurred (code 0x80070057):

The parameter is incorrect.

Rod Wittig

Has anyone figured out how to resolve the issue with the manage-bde -protectors -get c: output being different from machine to machine with this script?  I have machines reporting the Numerical Password first and then the TPM.  The result of this script is that on those machines I usually end up with either (Uses or a single number.

Daniel Voller

I haven't but I added an extra line to the script that grabs the text file it writes the output to and uploads to the vsa. Can then refer to it via the procedures get file section.

Jesse Donk

i changed: Manage-bde -protectors -get c: | Out-File "#AgentWorkingDirectoryPath#\BitlockerProtectors.txt" to: Manage-bde -protectors -get -type recoverypassword c: | Out-File "#AgentWorkingDirectoryPath#\BitlockerProtectors.txt" This way, only the recoverykey is shown, and its ensured that that is what you save to Kaseya.

Rob.van.der.Meijden

On 1 PC it works fine but on an other pc the procedure is not working and retry every 35 minutes. In the bitlocker status field I get the error "Hard drive is not configured".

In the agent procedure log I fount the error. "response from BDEHDCFG (enable): BitLocker Drive Preparation Tool version 10.0.17763 Copyright (C) 2013 Microsoft Corporation. All rights reserved. BitLocker Drive Preparation Tool version 10.0.17763 Copyright (C) 2013 Microsoft Corporation. All rights reserved. The minimum size for the new partition is 1085 megabytes. Please specify a size of at least 1085. Example: -size 1085". The PC has only got 1 partition.

Dean Baldwin

While this is recovering the bitlocker key it is not writing a true/false to the bitlocker status field. Can you help with this?

DmitrijKondrasov

Is it possible to send email with Recovery Key and Machine ID?

jacky

Hi The script is not working for my machines is it due to the Windows Version? Or additional line or command have to added into this script? 

Devon Kimbrough

For some reason after I upload the Enable Bitlocker XML file to Kaseya, it will not show in the procedures file tree. I've never had any issues uploading any other procedures. Has this happened to anyone else?

[email protected]

For alot of the procedures on this website I have to download the xml and copy and paste the entire script to the import folder/procedure section.

CLAYTON HABLINSKI

It's run against 7 machines so far and the attributes arent being populated. Seeing this a lot in the procedure log: Error - unable to detect shell command results. 

GlennHussein

Hard drive is not configured - any update on what to do with that Error ?

FordALT

Getting this:
FAILED in processing THEN step 10, Update System Info, with error Database access error, Failed SQL command: IF EXISTS (SELECT agentGuid FROM auditRsltManualFieldValues WHERE ((agentGuid = ?) AND (fieldNameFK IN (SELECT id FROM auditRsltManualFields WHERE ((fieldName = ?) AND (partitionId = (SELECT partitionId FROM machNameTab WHERE agentGuid = ?))))))) UPDATE auditRsltManualFieldValues SET fieldValue = ? WHERE ((agentGuid = ?) AND (fieldNameFK IN (SELECT id FROM auditRsltManualFields WHERE ((fieldName = (Line 19)