This is the best tutorial that I can find so far, ty so much ^^
Great guide and love that you shared your scripts. :) Unusual helpfulness in the tech community.
ps1 script tested on a workstation. It's working. Thank you! Great help, indeed!
So no USB drives needed? Can we script adding all drives, not just the OS, and does that change boot behavior?
Hi, I had set up the workstation script on the D drive only. It encrypted the D drive but I am unable to get the recovery key on the Active Directory server. Please help me.
Hi @VMware Advisor, thanks for this wonderful video. Just wanted to ask, do you also have a PowerShell script to encrypt a workstation without TPM? I am having a bit of a problem with it.
Hi, great video!! Two questions: how did you solve the multiple recovery keys generated at logon? Does it work in Azure AD too, or is the script different?
So each time a user reboots their workstation, BitLocker is going to write new information to Active Directory? That seems excessive. Is this because your scripts are running each time the system boots? I'm not sure the documentation details that, so I wanted to confirm.
Looks like the script should be run every day, so you should have many recovery keys in AD? Is there any way to stop running the script if the C drive is already encrypted?
Can I use this workstation script to encrypt fixed drives? Please help me.
Hi sir. Thanks for all! Could you upload the links to the scripts again on another page? Tinyurl is down; I can't access it from Spain. Thanks!
tinyurl target drive.google.com/drive/folders/1o4O5QB7HqCt7YbLM1C6iVPQvBbn1rjJm
Thank you for the tutorial. Why do we need to create multiple keys each time a computer reboots? Can we check to see if BitLocker protection status is not on and then turn it on instead?
You don't create multiple keys. If it fails it will create multiple keys, but the newest key is the only working key. Each PC gets a single working key. If the Group Policy didn't finish or the PC reboots, it will keep creating a new key until the process is completely finished. Then it will be on and locked to the latest key inside your AD.
You rock! Totally saved my ass with this guide!
The problem is turning on TPM. That still means someone has to go to each system and turn it on in the BIOS. While they're at the user's desk they might as well kick off BitLocker manually. How is this "zero touch"?
Why would the TPM be turned off in the first place? It is zero touch; TPM is enabled by default.
Hey man, thanks a lot for publishing this video. Is there any way to run/enable BitLocker just one time? What happens is every time I restart the computer it gets decrypted and then encrypted again, and that's not good at all. Thanks a lot.
There is something wrong with your configuration, as it should not decrypt after each reboot. The only reason I believe it would do that is if you powered down the PC before it finished encrypting.
Hi, great tutorial! But currently it seems that I have an issue executing the remote script. I can see the applied GPO but nothing happened. Copying the script down to the client and executing it there works. Any idea?
It runs in the background. You will have to run PowerShell and check the status of BitLocker. So on your clients you will never see the script run, but if the icon on the C drive changes to a lock then it's running; you can also use PowerShell to check the status.
@VMwareAdvisor Hi. My script is running and my GPO is being applied, but BitLocker isn't turning on.
@VMwareAdvisor If I run the script locally, it does what it's supposed to, but the script running from the GPO isn't activating BitLocker.
Same issue for me. Any solution? I can see it has applied on the GPO but it's not taking effect.
Any luck?
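Several comments above ask the same two things: how to stop the startup script from creating a fresh recovery key on every reboot, and how to check BitLocker status from PowerShell. The following is an added example of an idempotent version of such a script; it is not the video author's script. It assumes the machine has a ready TPM, the GPO that stores BitLocker recovery information in AD DS is already applied, and the script runs as SYSTEM (for example as a GPO startup script).

```powershell
# Added example (not the video author's script): enable BitLocker on the OS drive only
# when it is not already protected, keep a single recovery password, escrow it in AD DS.
# Assumptions: TPM present and ready; AD DS recovery backup GPO applied; runs as SYSTEM.

$OsDrive = $env:SystemDrive   # normally "C:"
$vol = Get-BitLockerVolume -MountPoint $OsDrive

# 1. Idempotency check: if protection is already on, do nothing (no new keys in AD).
if ($vol.ProtectionStatus -eq 'On') {
    Write-Output "$OsDrive already protected (VolumeStatus: $($vol.VolumeStatus)). Nothing to do."
    exit 0
}

# 2. Encryption started earlier but was interrupted (e.g. reboot mid-encryption): resume it
#    instead of adding yet another set of protectors.
if ($vol.VolumeStatus -in 'EncryptionInProgress', 'EncryptionPaused') {
    Resume-BitLocker -MountPoint $OsDrive | Out-Null
    exit 0
}

# 3. Do not attempt a TPM protector on a machine whose TPM is absent or not ready.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Warning "TPM not present/ready on this machine; BitLocker not enabled."
    exit 1
}

# 4. Add a recovery password protector only if one does not exist yet.
$rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($rp.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $OsDrive
    $rp  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

# 5. Escrow every recovery password in AD DS before encryption starts, so the key is
#    retrievable even if the PC is powered off mid-encryption.
foreach ($p in $rp) {
    Backup-BitLockerKeyProtector -MountPoint $OsDrive -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# 6. Add the TPM protector and start encrypting only if no TPM protector exists yet;
#    otherwise the protectors are already there and protection only needs to be resumed.
$hasTpm = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm'
if (-not $hasTpm) {
    Enable-BitLocker -MountPoint $OsDrive -TpmProtector -UsedSpaceOnly -SkipHardwareTest | Out-Null
} else {
    Resume-BitLocker -MountPoint $OsDrive | Out-Null
}
Get-BitLockerVolume -MountPoint $OsDrive | Select-Object MountPoint, VolumeStatus, ProtectionStatus
```

Run `Get-BitLockerVolume -MountPoint C: | Select-Object VolumeStatus, ProtectionStatus` on a client to confirm the script's effect; a second run of the script on an already protected drive exits at step 1 without touching AD.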