Monday 16 March 2015

Adding a Bitlocker password protector with Powershell

Firstly we need to alter the local Group Policy:
Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives > Allow enhanced PIN for startup = Enabled and the "Require additional authentication at startup" = Enabled.

You might also want to set "Configure use of passwords for operating system drives" as well to define password a password policy.

Or we will get the following error message when creating the protector:
"Add-PasswordProtectorInternal : Group Policy setings do not permit creation of a password."

$encpass = ConvertTo-SecureString -AsPlainText -String "yourpassword" -Force
Add-BitlockerKeyProtector -MountPoint C:\ -Password $encpass -PasswordProtector

We can also do this the traditional way:
manage-bde -protectors -add c: -password "yourpassword"


Post a Comment