Enable Bitlocker

Product Name: Enable Bitlocker
Description : 2 agent procedures to check if Bitlocker can be enabled, check the hard drive configuration, perform the steps necessary to turn it on, and capture the status and recovery password to custom fields
Instructions :
Create 2 custom fields called "Bitlocker Status" and "Bitlocker Recovery Key"
Import Procedure Get Bitlocker Status and Recovery Password.xml
Procedure Enable Bitlocker.xml
There is a readme in the zip with further information
Comments
-
I will test shortly but I've been wanting this. Thanks to Kaseya for helping everyone with the leg work.
-
Russ - I am in the middle of deployment to approximately 50 machines - things are going smoothly with this script.
-
Hi Russ, I seem to get an output of 0 on some machines (even though the script does enable Bitlocker). Have you ever seen that?
-
I've seen this. I think it's because the format of the output can change so the steps which scan the output for the key string pick up the wrong line.
I haven't had time to look into modifying the script and we don't use it on large numbers of clients so I've taken to connecting to the client through Liveconnect, and running the command line to pick up the key.
c:\> manage-bde -protectors -get c:
BitLocker Drive Encryption: Configuration Tool version 10.0.17134
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume C: [Windows]
All Key Protectors
Numerical Password:
ID: {46545517-3597-4FBA-BF5C-xxxxxxxxxxxxxxxx}
Password:
440869-524645-375749-109890-574409-712613-513139-xxxxxx
TPM:
ID: {9217F44E-5592-4B43-86A3-FCAxxxxxxxxxxx}
PCR Validation Profile:
7, 11
(Uses Secure Boot for integrity validation)
Hope that helps or gives you a pointer
-
Awesome many thanks.
-
I'm getting a "The" in the Bitlocker Recovery Key field. This turns out to be a machine that TPM is not enabled on, hence it can't run Bitlocker. So some other logic needs to be added.
The two files it created are
BITLOCKERSTATUS.TXT
BitLocker Drive Encryption: Configuration Tool version 10.0.15063
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
ERROR: The volume C: could not be opened by BitLocker.
This may be because the volume does not exist, or because it is not a valid
BitLocker volume.
BitlockerProtectors.TXT
BitLocker Drive Encryption: Configuration Tool version 10.0.15063
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
ERROR: An error occurred (code 0x80070057):
The parameter is incorrect.
-
Has anyone figured out how to resolve the issue with the manage-bde -protectors -get c: output being different from machine to machine with this script? I have machines reporting the Numerical Password first and then the TPM. The result of this script is that on those machines I usually end up with either (Uses or a single number.
-
I haven't but I added an extra line to the script that grabs the text file it writes the output to and uploads to the vsa. Can then refer to it via the procedures get file section.
-
I changed:
Manage-bde -protectors -get c: | Out-File "#AgentWorkingDirectoryPath#\BitlockerProtectors.txt"
to:
Manage-bde -protectors -get -type recoverypassword c: | Out-File "#AgentWorkingDirectoryPath#\BitlockerProtectors.txt"
This way, only the recovery key is shown, and it's ensured that that is what you save to Kaseya.
-
On 1 PC it works fine but on another PC the procedure is not working and retries every 35 minutes. In the bitlocker status field I get the error "Hard drive is not configured".
In the agent procedure log I found the error. "response from BDEHDCFG (enable): BitLocker Drive Preparation Tool version 10.0.17763 Copyright (C) 2013 Microsoft Corporation. All rights reserved. BitLocker Drive Preparation Tool version 10.0.17763 Copyright (C) 2013 Microsoft Corporation. All rights reserved. The minimum size for the new partition is 1085 megabytes. Please specify a size of at least 1085. Example: -size 1085". The PC has only got 1 partition.
-
While this is recovering the bitlocker key it is not writing a true/false to the bitlocker status field. Can you help with this?
-
Is it possible to send email with Recovery Key and Machine ID?
-
Hi, the script is not working for my machines. Is it due to the Windows version? Or does an additional line or command have to be added to this script?
-
For some reason after I upload the Enable Bitlocker XML file to Kaseya, it will not show in the procedures file tree. I've never had any issues uploading any other procedures. Has this happened to anyone else?
-
For a lot of the procedures on this website I have to download the xml and copy and paste the entire script to the import folder/procedure section.
-
It's run against 7 machines so far and the attributes aren't being populated. Seeing this a lot in the procedure log: Error - unable to detect shell command results.
-
Hard drive is not configured - any update on what to do with that Error ?
-
Getting this:
FAILED in processing THEN step 10, Update System Info, with error Database access error, Failed SQL command: IF EXISTS (SELECT agentGuid FROM auditRsltManualFieldValues WHERE ((agentGuid = ?) AND (fieldNameFK IN (SELECT id FROM auditRsltManualFields WHERE ((fieldName = ?) AND (partitionId = (SELECT partitionId FROM machNameTab WHERE agentGuid = ?))))))) UPDATE auditRsltManualFieldValues SET fieldValue = ? WHERE ((agentGuid = ?) AND (fieldNameFK IN (SELECT id FROM auditRsltManualFields WHERE ((fieldName = (Line 19)
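
Added example, not part of the original procedures or of any commenter's post: the comments above report the recovery key field being filled with "The", "(Uses" or a single number when the manage-bde output changes order or contains an error. One way to avoid scraping by line position is to match the recovery password by its format; the function name, status values and sample text below are assumptions made for illustration.

```powershell
# Added example (not part of the original procedure): find the recovery
# password by its shape instead of by its line position in the output.
function Get-RecoveryPasswordFromText {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)

    # manage-bde reports failures on a line beginning with "ERROR:".
    $err = [regex]::Match($Text, '(?m)^\s*ERROR:\s*(.+?)\s*$')
    if ($err.Success) {
        return [pscustomobject]@{ Status = 'Error'; Detail = $err.Groups[1].Value; RecoveryPassword = $null }
    }

    # A numerical password is eight groups of six digits joined by hyphens.
    $m = [regex]::Match($Text, '(?<![\d-])(?:\d{6}-){7}\d{6}(?![\d-])')
    if (-not $m.Success) {
        return [pscustomobject]@{ Status = 'NoRecoveryPassword'; Detail = $null; RecoveryPassword = $null }
    }
    [pscustomobject]@{ Status = 'OK'; Detail = $null; RecoveryPassword = $m.Value }
}

# Constructed samples (IDs and password are made up): TPM listed first, and an error.
$tpmFirst = @'
Volume C: [Windows]
All Key Protectors
    TPM:
      ID: {00000000-0000-0000-0000-000000000001}
      PCR Validation Profile:
        7, 11
        (Uses Secure Boot for integrity validation)
    Numerical Password:
      ID: {00000000-0000-0000-0000-000000000002}
      Password:
        111111-222222-333333-444444-555555-666666-777777-888888
'@
$errorOutput = @'
ERROR: The volume C: could not be opened by BitLocker.
This may be because the volume does not exist, or because it is not a valid
BitLocker volume.
'@

Get-RecoveryPasswordFromText -Text $tpmFirst
Get-RecoveryPasswordFromText -Text $errorOutput
# On a live machine:
# Get-RecoveryPasswordFromText -Text (manage-bde -protectors -get c: | Out-String)
```

Writing the Status value to the "Bitlocker Status" field and only a non-null RecoveryPassword to the "Bitlocker Recovery Key" field keeps error text out of the key field.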