


In this guide, I’m going to show you how to enable BitLocker remotely using PowerShell/PDQ Deploy. This PDQ Deploy sequence I’m using consists of several “steps” and will enable BitLocker, set a randomized PIN code, copy the PIN code and recovery key to an IT network share, and wait/reboot the computer several times. If you don’t have PDQ Deploy, you can still take the code from the various steps below and turn it into a PowerShell script to use with another RMM tool like SCCM, if you’d like. If you don’t have PDQ, there is a free version you can download to accomplish this, but the paid version is 100% worth the cost.

I’ve used this script on hundreds of computers, and it works perfectly every time. On average, it takes about 7 minutes or less per machine.

BitLocker is a built-in full-volume encryption feature that is included in Windows. It supports Windows Vista and higher versions. There are several different ways to configure BitLocker. You could turn on BitLocker manually by right-clicking your C:\ drive and waiting for the encryption process to finish, but that is a very hands-on approach. You will also have to set a BitLocker PIN code, and then document the PIN code somewhere secure. If you work as a sysadmin, IT manager, or in a helpdesk role, then this is a very time-consuming task for each new computer you set up and is prone to human error. For example, if you forget to copy down the PIN code, and a user forgets, they will have to enter the 48-character recovery code, which is not ideal.

This is truly a hands-off, one-touch BitLocker deployment process. Using PDQ Deploy, I run the “Bitlocker + PIN” package, wait a few minutes, and everything is complete.

Here are the steps of everything we’ll be doing. If you don’t want to recreate this package yourself, I’ve exported my PDQ package for you.

The target computer must have a TPM chip that is enabled. Most newer computers already have this, and it is already enabled within the BIOS.

Optional: You should configure a Group Policy to automatically back up the 48-character BitLocker recovery key in Active Directory during deployment. This is just another way to back up the recovery key. This GPO adds a new tab to the Computer Object and is viewable from within a domain controller. You cannot store BitLocker PINs in Active Directory or view the recovery codes from the Active Directory Users & Computers (ADUC) widget.

This script will enable BitLocker and set a random PIN code. It will export the recovery key and PIN code as separate text files to the computer’s C:\ drive temporarily, appended with the computer name like this:

txt files to a public network share (or a network share that most employees should have access to) The reason I’m not moving it to the IT share just yet is because if I run this script on Janet from Accounting’s computer, her user doesn’t have access to the IT file share. Then, the script will copy from the public share to the IT share and delete it from the public share.

Risk

100% automated – just run this package against a target machine and it will do everything for you.

Backing Up Bitlocker Recovery Key and PIN to Network Share

It sounds complicated or somewhat of a hacky method, but I promise this works really well and really makes setting up new computers super easy.
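
One way to script the enable-and-export step this guide describes, as an added PowerShell example that is not the author's PDQ package. The export folder, file names and PIN length are assumptions, the folder is locked to SYSTEM and local Administrators before any secret is written, and the TPM+PIN protector only succeeds where Group Policy allows a startup PIN.

```powershell
#Requires -RunAsAdministrator
# Added example. Folder, file names and PIN length are assumptions, not the article's package.
param(
    [string]$MountPoint = $env:SystemDrive,
    [string]$ExportDir  = "$env:SystemDrive\BitLockerExport",
    [ValidateRange(6, 20)][int]$PinLength = 8
)
$ErrorActionPreference = 'Stop'

function New-NumericPin([int]$Length) {
    # Draw digits from the OS CSPRNG; discard bytes >= 250 so every digit is equally likely.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $pin = ''
    try {
        while ($pin.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt 250) { $pin += [string]($buf[0] % 10) }
        }
    } finally { $rng.Dispose() }
    return $pin
}

# Refuse to run without a usable TPM or on a volume that is already (partly) encrypted.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) { throw 'TPM is missing or not ready.' }
if ((Get-BitLockerVolume -MountPoint $MountPoint).VolumeStatus -ne 'FullyDecrypted') {
    throw "$MountPoint is not fully decrypted; refusing to change it."
}

# Create the export folder readable only by SYSTEM and local Administrators
# before any secret is written into it.
New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
icacls $ExportDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

$pin = New-NumericPin -Length $PinLength
# Add the recovery password first so a recovery path exists before the PIN is required.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
Enable-BitLocker -MountPoint $MountPoint -TpmAndPinProtector `
    -Pin (ConvertTo-SecureString $pin -AsPlainText -Force) | Out-Null

# Read back the generated 48-digit recovery password from the volume's key protectors.
$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object -First 1 -ExpandProperty RecoveryPassword

# One file per secret, named with the computer name.
Set-Content -Path (Join-Path $ExportDir "BitLocker-PIN-$env:COMPUTERNAME.txt") -Value $pin
Set-Content -Path (Join-Path $ExportDir "BitLocker-Recovery-$env:COMPUTERNAME.txt") -Value $recovery
```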
