How can I automate enabling BitLocker on new laptops?

Asked By TechWizard42 On

I'm prepping for our organization to receive over 70 new laptops and I'm trying to figure out how to automatically enable BitLocker on them. I've set up some Group Policy Objects (GPOs) to manage BitLocker settings, especially for backing up recovery passwords to Active Directory. I also wrote a PowerShell script that checks if BitLocker is already on using a marker file and enables it if needed, but I'm hitting a snag. The script works when I run it manually but fails when I configure it as a startup script through GPO. The policy seems to apply, but it doesn't run. I suspect it might be due to the need for a user to be logged in for BitLocker to activate, as GPO startup scripts run before the user signs in. I saw some suggestions about using scheduled tasks for this process. Any ideas or solutions?

4 Answers

Answered By CodingNinja101 On

Have you tried running your PowerShell script directly on the machine, bypassing GPO and scheduled tasks? If it still doesn't work that way, then the issue might be with your script itself. Simplifying your conditions could help; I've found checking the ProtectionStatus directly is usually straightforward.

Answered By BitlockMaster3000 On

Honestly, you shouldn't need to script anything manually. GPO and Intune are designed to manage BitLocker automatically as soon as the device receives the policy right after network connection or domain join—no user login required. I recommend setting that up instead.

Answered By ScripterJoe88 On

You might want to explore using Intune or leveraging GPO more effectively. Both have built-in options to enforce BitLocker and take care of key backups without needing custom scripts. They’ll automate the process much better once your devices are enrolled or joined to the domain.

Answered By SysAdminGal On

If you're stuck on using scripts, make sure you check the BitLocker ProtectionStatus using Get-BitLockerVolume directly instead of depending on marker files. It looks like you might be overcomplicating things. But check out the Windows documentation for setting up BitLocker through GPO—it’s often the most reliable approach.
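
The state check the answers above recommend, as an added example that is not part of any poster's answer or script: it reads the volume state from Get-BitLockerVolume instead of a marker file and escrows the recovery password to Active Directory before turning encryption on. It assumes an elevated context (for example a startup script or a scheduled task running as SYSTEM), a ready TPM, a domain-joined machine whose GPO allows AD backup, and a hypothetical log path.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent BitLocker enablement for the OS volume.
$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive
$log   = Join-Path $env:ProgramData 'BitLockerEnable.log'   # hypothetical log path

function Write-Log([string]$Message) {
    # A startup script has no console, so record every decision on disk.
    "{0} {1}" -f (Get-Date -Format o), $Message | Add-Content -Path $log
}

try {
    $vol = Get-BitLockerVolume -MountPoint $mount

    # The volume itself is the source of truth; no marker file is needed.
    if ($vol.ProtectionStatus -eq 'On') {
        Write-Log "$mount already protected, nothing to do."
        exit 0
    }
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        Write-Log "$mount is in state $($vol.VolumeStatus); not starting a second run."
        exit 0
    }

    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        Write-Log "TPM not present or not ready; skipping."
        exit 1
    }

    # Reuse an existing recovery password protector so reruns do not pile up keys.
    $findRp = { (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword' |
                Select-Object -First 1 }
    $rp = & $findRp
    if (-not $rp) {
        Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
        $rp = & $findRp
    }

    # Escrow to AD first: if the backup fails, the catch block runs and the disk stays unencrypted.
    Backup-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $rp.KeyProtectorId | Out-Null

    Enable-BitLocker -MountPoint $mount -TpmProtector -EncryptionMethod XtsAes256 `
        -UsedSpaceOnly -SkipHardwareTest | Out-Null
    Write-Log "Encryption started on $mount; recovery key $($rp.KeyProtectorId) backed up to AD."
    exit 0
} catch {
    Write-Log "Failed: $($_.Exception.Message)"
    exit 1
}
```

Because each run logs its outcome and exits cleanly when the volume is already protected or mid-encryption, the same script can be attached to a startup policy or a scheduled task and the log shows which step failed when no user is signed in.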
