Enable-Bitlocker -TpmProtector via GPO does not work (0x80070522) The 2019 Stack Overflow Developer Survey Results Are InUnlock bitlocker disk via cmdVerify who has Bitlocker key backed up via PowerShell?Scheduled task to run a 32-bit PowerShell Script with three argumentsWindows 2012 R2 RDS - can't change Connection Broker DNS round robin name via PowershellUnable to perform enable-bitlocker and lock-bitlocker successivelyCan't Enable BitlockerHow to deploy Bitlocker via WDSBitlocker not turning on: Windows 7 U 64bitScript to enable bitlocker in All DriveEnable BitLocker with PowerShell on Windows Server 2016
aging parents with no investments
Why isn't airport relocation done gradually?
is usb on wall sockets live all the time with out switches off
What do the Banks children have against barley water?
What is the meaning of Triage in Cybersec world?
How to reverse every other sublist of a list?
I looked up a future colleague on linkedin before I started a job. I told my colleague about it and he seemed surprised. Should I apologize?
How can I create a character who can assume the widest possible range of creature sizes?
Does a dangling wire really electrocute me if I'm standing in water?
Is flight data recorder erased after every flight?
What could be the right powersource for 15 seconds lifespan disposable giant chainsaw?
What does "rabbited" mean/imply in this sentence?
The difference between dialogue marks
Manuscript was "unsubmitted" because the manuscript was deposited in Arxiv Preprints
"To split hairs" vs "To be pedantic"
How to interpret this form of Heaps' Law?
Poison Arrows Piercing damage reduced to 0, do you still get poisoned?
Can't find the latex code for the ⍎ (down tack jot) symbol
Monty Hall variation
Could JWST stay at L2 "forever"?
What is the motivation for a law requiring 2 parties to consent for recording a conversation
How are circuits which use complex ICs normally simulated?
description of papers that have not been submitted to a venue?
Is three citations per paragraph excessive for undergraduate research paper?
Enable-Bitlocker -TpmProtector via GPO does not work (0x80070522)
The 2019 Stack Overflow Developer Survey Results Are InUnlock bitlocker disk via cmdVerify who has Bitlocker key backed up via PowerShell?Scheduled task to run a 32-bit PowerShell Script with three argumentsWindows 2012 R2 RDS - can't change Connection Broker DNS round robin name via PowershellUnable to perform enable-bitlocker and lock-bitlocker successivelyCan't Enable BitlockerHow to deploy Bitlocker via WDSBitlocker not turning on: Windows 7 U 64bitScript to enable bitlocker in All DriveEnable BitLocker with PowerShell on Windows Server 2016
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
1
I am trying to automate the bitlocker in our corporate environment.
I have written a script which enables the bitlocker and it works fine if I run it manually, but whenever I implement it via GPO (startup script) right after
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
I see in the transcription following error
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
I have tried to wrap the PS script with bat file:
powershell.exe -ExecutionPolicy bypass -file "Enable-bitlocker_step2.ps1"
Enable-bitlocker_step2.ps1 script body:
Start-Process Powershell.exe -ArgumentList '-ExecutionPolicy bypass -File "\**********SYSVOL***********scriptsEnable Bitlocker.ps1"' -Verb RunAs -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
The bitlocker script itself:
Start-Transcript -Path \Melandrutemp"$env:COMPUTERNAME.txt"
#get computer capability
$OS_edition = Get-WmiObject -Class win32_operatingSystem
$TPM_info = Get-Tpm
$bitlocker_status = Get-BitLockerVolume C:
$gpo_path = "***********SYSVOL***********Policies*******-****-****-****-**********"
###Pre-requisites###
#if bitlocker is on and encryption method is XtsAes256 - exit, since nothing to do
if (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -eq "XtsAes256"))
if ((Get-Content "$($gpo_path)bitlocker_list.txt") -like "*$($env:COMPUTERNAME)*") Write-output "Bitlocker key already backed up";exit
else
$key_protector=(Get-BitLockerVolume C:).keyprotector
#check if encryption/decryption in progress. If so - exit the script
elseif (($bitlocker_status.volumestatus -eq "EncryptionInProgress") -or ($bitlocker_status.volumestatus -eq "DecryptionInProgress")) Write-output "Bitlocker encryption/decryption in progress";exit
###define bitlocker functions###
function remove_old_key_protectors
foreach ($keyprotector in $bitlocker_status.keyprotector)
Remove-BitLockerKeyProtector C: -KeyProtectorId $keyprotector.keyprotectorid
Write-Output "Removed $($keyprotector.keyprotectorid)"
Write-Output "Old keys removed"
function enable_bitlocker
#add a new key protector - recovery password
Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector
Write-Output "Added password key protector"
#enable bitlocker
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
Write-Output "Bitlocker enabled"
#check tpm chip and OS edition
if (($OS_edition.caption -notlike "*ent*") -or ($TPM_info.TPMPresent -ne $True))write-output "Not compatible";exit
#if all checks passed - do the script logic
else
#Check if bitlocker is enabled and enryption method is not XtsAes256. If so - disable bitlocker
If (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -ne "XtsAes256"))
Write-Output "Disabling bitlocker"
Disable-BitLocker C:
Elseif ($bitlocker_status.protectionstatus -eq "Off")
#check if there's an old protection key and remove it
if ($bitlocker_status.keyprotector -ne $null)
Write-Output "Removing old keys"
remove_old_key_protectors
Write-Output "Enabling Bitlocker XtsAes256"
enable_bitlocker
Stop-Transcript -ErrorAction SilentlyContinue
The thing is if i simply run bat file manually from a computer - I have bitlocker enabled, but if I add bat script to Computer Configuration->Policies->Windows Settings->Scripts(Startup/Shutdown)->Startup
I see the error mentioned above.
Also I tried to push the bitlocker script(without any wrappers) via SCCM - it works.
I would like to understand what permissions are required and why?
windows powershell bitlocker
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
1
I am trying to automate the bitlocker in our corporate environment.
I have written a script which enables the bitlocker and it works fine if I run it manually, but whenever I implement it via GPO (startup script) right after
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
I see in the transcription following error
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
I have tried to wrap the PS script with bat file:
powershell.exe -ExecutionPolicy bypass -file "Enable-bitlocker_step2.ps1"
Enable-bitlocker_step2.ps1 script body:
Start-Process Powershell.exe -ArgumentList '-ExecutionPolicy bypass -File "\**********SYSVOL***********scriptsEnable Bitlocker.ps1"' -Verb RunAs -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
The bitlocker script itself:
Start-Transcript -Path \Melandrutemp"$env:COMPUTERNAME.txt"
#get computer capability
$OS_edition = Get-WmiObject -Class win32_operatingSystem
$TPM_info = Get-Tpm
$bitlocker_status = Get-BitLockerVolume C:
$gpo_path = "***********SYSVOL***********Policies*******-****-****-****-**********"
###Pre-requisites###
#if bitlocker is on and encryption method is XtsAes256 - exit, since nothing to do
if (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -eq "XtsAes256"))
if ((Get-Content "$($gpo_path)bitlocker_list.txt") -like "*$($env:COMPUTERNAME)*") Write-output "Bitlocker key already backed up";exit
else
$key_protector=(Get-BitLockerVolume C:).keyprotector
#check if encryption/decryption in progress. If so - exit the script
elseif (($bitlocker_status.volumestatus -eq "EncryptionInProgress") -or ($bitlocker_status.volumestatus -eq "DecryptionInProgress")) Write-output "Bitlocker encryption/decryption in progress";exit
###define bitlocker functions###
function remove_old_key_protectors
foreach ($keyprotector in $bitlocker_status.keyprotector)
Remove-BitLockerKeyProtector C: -KeyProtectorId $keyprotector.keyprotectorid
Write-Output "Removed $($keyprotector.keyprotectorid)"
Write-Output "Old keys removed"
function enable_bitlocker
#add a new key protector - recovery password
Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector
Write-Output "Added password key protector"
#enable bitlocker
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
Write-Output "Bitlocker enabled"
#check tpm chip and OS edition
if (($OS_edition.caption -notlike "*ent*") -or ($TPM_info.TPMPresent -ne $True))write-output "Not compatible";exit
#if all checks passed - do the script logic
else
#Check if bitlocker is enabled and enryption method is not XtsAes256. If so - disable bitlocker
If (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -ne "XtsAes256"))
Write-Output "Disabling bitlocker"
Disable-BitLocker C:
Elseif ($bitlocker_status.protectionstatus -eq "Off")
#check if there's an old protection key and remove it
if ($bitlocker_status.keyprotector -ne $null)
Write-Output "Removing old keys"
remove_old_key_protectors
Write-Output "Enabling Bitlocker XtsAes256"
enable_bitlocker
Stop-Transcript -ErrorAction SilentlyContinue
The thing is if i simply run bat file manually from a computer - I have bitlocker enabled, but if I add bat script to Computer Configuration->Policies->Windows Settings->Scripts(Startup/Shutdown)->Startup
I see the error mentioned above.
Also I tried to push the bitlocker script(without any wrappers) via SCCM - it works.
I would like to understand what permissions are required and why?
windows powershell bitlocker
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Is there a reason for using a script instead of group policies from Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive Encryption?
– Esa Jokinen
Apr 6 at 6:56
1
@EsaJokinen Thanks for the tip. I was pretty sure that GPO sets parameters, but does not enable the bitlocker itself. also we have many laptops with 128bit encryption, which should be changed to 256(the only way to change it - decrypt and re-encrypt)
– Tesla Great
yesterday
Well that's a good reason.
– Esa Jokinen
yesterday
add a comment |
1
1
1
I am trying to automate the bitlocker in our corporate environment.
I have written a script which enables the bitlocker and it works fine if I run it manually, but whenever I implement it via GPO (startup script) right after
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
I see in the transcription following error
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
I have tried to wrap the PS script with bat file:
powershell.exe -ExecutionPolicy bypass -file "Enable-bitlocker_step2.ps1"
Enable-bitlocker_step2.ps1 script body:
Start-Process Powershell.exe -ArgumentList '-ExecutionPolicy bypass -File "\**********SYSVOL***********scriptsEnable Bitlocker.ps1"' -Verb RunAs -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
The bitlocker script itself:
Start-Transcript -Path \Melandrutemp"$env:COMPUTERNAME.txt"
#get computer capability
$OS_edition = Get-WmiObject -Class win32_operatingSystem
$TPM_info = Get-Tpm
$bitlocker_status = Get-BitLockerVolume C:
$gpo_path = "***********SYSVOL***********Policies*******-****-****-****-**********"
###Pre-requisites###
#if bitlocker is on and encryption method is XtsAes256 - exit, since nothing to do
if (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -eq "XtsAes256"))
if ((Get-Content "$($gpo_path)bitlocker_list.txt") -like "*$($env:COMPUTERNAME)*") Write-output "Bitlocker key already backed up";exit
else
$key_protector=(Get-BitLockerVolume C:).keyprotector
#check if encryption/decryption in progress. If so - exit the script
elseif (($bitlocker_status.volumestatus -eq "EncryptionInProgress") -or ($bitlocker_status.volumestatus -eq "DecryptionInProgress")) Write-output "Bitlocker encryption/decryption in progress";exit
###define bitlocker functions###
function remove_old_key_protectors
foreach ($keyprotector in $bitlocker_status.keyprotector)
Remove-BitLockerKeyProtector C: -KeyProtectorId $keyprotector.keyprotectorid
Write-Output "Removed $($keyprotector.keyprotectorid)"
Write-Output "Old keys removed"
function enable_bitlocker
#add a new key protector - recovery password
Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector
Write-Output "Added password key protector"
#enable bitlocker
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
Write-Output "Bitlocker enabled"
#check tpm chip and OS edition
if (($OS_edition.caption -notlike "*ent*") -or ($TPM_info.TPMPresent -ne $True))write-output "Not compatible";exit
#if all checks passed - do the script logic
else
#Check if bitlocker is enabled and enryption method is not XtsAes256. If so - disable bitlocker
If (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -ne "XtsAes256"))
Write-Output "Disabling bitlocker"
Disable-BitLocker C:
Elseif ($bitlocker_status.protectionstatus -eq "Off")
#check if there's an old protection key and remove it
if ($bitlocker_status.keyprotector -ne $null)
Write-Output "Removing old keys"
remove_old_key_protectors
Write-Output "Enabling Bitlocker XtsAes256"
enable_bitlocker
Stop-Transcript -ErrorAction SilentlyContinue
The thing is if i simply run bat file manually from a computer - I have bitlocker enabled, but if I add bat script to Computer Configuration->Policies->Windows Settings->Scripts(Startup/Shutdown)->Startup
I see the error mentioned above.
Also I tried to push the bitlocker script(without any wrappers) via SCCM - it works.
I would like to understand what permissions are required and why?
windows powershell bitlocker
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I am trying to automate the bitlocker in our corporate environment.
I have written a script which enables the bitlocker and it works fine if I run it manually, but whenever I implement it via GPO (startup script) right after
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
I see in the transcription following error
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
Add-TpmProtectorInternal : A required privilege is not held by the client. (Exception from HRESULT: 0x80070522)
At C:WINDOWSsystem32WindowsPowerShellv1.0ModulesBitLockerBitLocker.psm1:2095 char:31
+ ... $Result = Add-TpmProtectorInternal $BitLockerVolumeInternal.MountPo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Add-TpmProtectorInternal
I have tried to wrap the PS script with bat file:
powershell.exe -ExecutionPolicy bypass -file "Enable-bitlocker_step2.ps1"
Enable-bitlocker_step2.ps1 script body:
Start-Process Powershell.exe -ArgumentList '-ExecutionPolicy bypass -File "\**********SYSVOL***********scriptsEnable Bitlocker.ps1"' -Verb RunAs -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
The bitlocker script itself:
Start-Transcript -Path \Melandrutemp"$env:COMPUTERNAME.txt"
#get computer capability
$OS_edition = Get-WmiObject -Class win32_operatingSystem
$TPM_info = Get-Tpm
$bitlocker_status = Get-BitLockerVolume C:
$gpo_path = "***********SYSVOL***********Policies*******-****-****-****-**********"
###Pre-requisites###
#if bitlocker is on and encryption method is XtsAes256 - exit, since nothing to do
if (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -eq "XtsAes256"))
if ((Get-Content "$($gpo_path)bitlocker_list.txt") -like "*$($env:COMPUTERNAME)*") Write-output "Bitlocker key already backed up";exit
else
$key_protector=(Get-BitLockerVolume C:).keyprotector
#check if encryption/decryption in progress. If so - exit the script
elseif (($bitlocker_status.volumestatus -eq "EncryptionInProgress") -or ($bitlocker_status.volumestatus -eq "DecryptionInProgress")) Write-output "Bitlocker encryption/decryption in progress";exit
###define bitlocker functions###
function remove_old_key_protectors
foreach ($keyprotector in $bitlocker_status.keyprotector)
Remove-BitLockerKeyProtector C: -KeyProtectorId $keyprotector.keyprotectorid
Write-Output "Removed $($keyprotector.keyprotectorid)"
Write-Output "Old keys removed"
function enable_bitlocker
#add a new key protector - recovery password
Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector
Write-Output "Added password key protector"
#enable bitlocker
Enable-BitLocker -MountPoint C: -EncryptionMethod XtsAes256 -SkipHardwareTest -UsedSpaceOnly -TpmProtector
Write-Output "Bitlocker enabled"
#check tpm chip and OS edition
if (($OS_edition.caption -notlike "*ent*") -or ($TPM_info.TPMPresent -ne $True))write-output "Not compatible";exit
#if all checks passed - do the script logic
else
#Check if bitlocker is enabled and enryption method is not XtsAes256. If so - disable bitlocker
If (($bitlocker_status.protectionstatus -eq "On") -and ($bitlocker_status.EncryptionMethod -ne "XtsAes256"))
Write-Output "Disabling bitlocker"
Disable-BitLocker C:
Elseif ($bitlocker_status.protectionstatus -eq "Off")
#check if there's an old protection key and remove it
if ($bitlocker_status.keyprotector -ne $null)
Write-Output "Removing old keys"
remove_old_key_protectors
Write-Output "Enabling Bitlocker XtsAes256"
enable_bitlocker
Stop-Transcript -ErrorAction SilentlyContinue
The thing is if i simply run bat file manually from a computer - I have bitlocker enabled, but if I add bat script to Computer Configuration->Policies->Windows Settings->Scripts(Startup/Shutdown)->Startup
I see the error mentioned above.
Also I tried to push the bitlocker script(without any wrappers) via SCCM - it works.
I would like to understand what permissions are required and why?
windows powershell bitlocker
windows powershell bitlocker
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
asked Apr 5 at 16:16
Tesla GreatTesla Great
62
62
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Tesla Great is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Is there a reason for using a script instead of group policies from Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive Encryption?
– Esa Jokinen
Apr 6 at 6:56
1
@EsaJokinen Thanks for the tip. I was pretty sure that GPO sets parameters, but does not enable the bitlocker itself. also we have many laptops with 128bit encryption, which should be changed to 256(the only way to change it - decrypt and re-encrypt)
– Tesla Great
yesterday
Well that's a good reason.
– Esa Jokinen
yesterday
add a comment |
Is there a reason for using a script instead of group policies from Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive Encryption?
– Esa Jokinen
Apr 6 at 6:56
1
@EsaJokinen Thanks for the tip. I was pretty sure that GPO sets parameters, but does not enable the bitlocker itself. also we have many laptops with 128bit encryption, which should be changed to 256(the only way to change it - decrypt and re-encrypt)
– Tesla Great
yesterday
Well that's a good reason.
– Esa Jokinen
yesterday
Is there a reason for using a script instead of group policies from Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive Encryption?
– Esa Jokinen
Apr 6 at 6:56
Is there a reason for using a script instead of group policies from Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive Encryption?
– Esa Jokinen
Apr 6 at 6:56
1
1
@EsaJokinen Thanks for the tip. I was pretty sure that GPO sets parameters, but does not enable the bitlocker itself. also we have many laptops with 128bit encryption, which should be changed to 256(the only way to change it - decrypt and re-encrypt)
– Tesla Great
yesterday
@EsaJokinen Thanks for the tip. I was pretty sure that GPO sets parameters, but does not enable the bitlocker itself. also we have many laptops with 128bit encryption, which should be changed to 256(the only way to change it - decrypt and re-encrypt)
– Tesla Great
yesterday
Well that's a good reason.
– Esa Jokinen
yesterday
Well that's a good reason.
– Esa Jokinen
yesterday
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Tesla Great is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961727%2fenable-bitlocker-tpmprotector-via-gpo-does-not-work-0x80070522%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Tesla Great is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Tesla Great is a new contributor. Be nice, and check out our Code of Conduct.
Tesla Great is a new contributor. Be nice, and check out our Code of Conduct.
Tesla Great is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961727%2fenable-bitlocker-tpmprotector-via-gpo-does-not-work-0x80070522%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Is there a reason for using a script instead of group policies from Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive Encryption?
– Esa Jokinen
Apr 6 at 6:56
1
@EsaJokinen Thanks for the tip. I was pretty sure that GPO sets parameters, but does not enable the bitlocker itself. also we have many laptops with 128bit encryption, which should be changed to 256(the only way to change it - decrypt and re-encrypt)
– Tesla Great
yesterday
Well that's a good reason.
– Esa Jokinen
yesterday