Firstly we need to alter the local Group Policy:
Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives > Allow enhanced PIN for startup = Enabled and the "Require additional authentication at startup" = Enabled.
You might also want to set "Configure use of passwords for operating system drives" as well to define password a password policy.
Or we will get the following error message when creating the protector:
"Add-PasswordProtectorInternal : Group Policy setings do not permit creation of a password."
$encpass = ConvertTo-SecureString -AsPlainText -String "yourpassword" -Force
Add-BitlockerKeyProtector -MountPoint C:\ -Password $encpass -PasswordProtector
We can also do this the traditional way:
manage-bde -protectors -add c: -password "yourpassword"
No comments:
Post a Comment