How to Enable BitLocker with Key Storage in Active Directory Using GPO?

Asked By CuriousUser92 On

I'm curious if anyone has a solid method for enabling BitLocker and saving the recovery keys in Active Directory strictly through a Group Policy Object (GPO) instead of using Intune. I'm currently testing this with a GPO that runs a PowerShell script at startup, which is supposed to store the details in AD. However, I'm only getting it to the stage where it says 'BitLocker waiting for activation.' Here's the script I'm using:

```powershell
# Log file for the startup script
$logPath = "C:\BitLocker-Startup-Log.txt"
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Add-Content -Path $logPath -Value "$timestamp - Script started."

# Enable BitLocker on C: only if the volume is not encrypted yet
$BLV = Get-BitLockerVolume -MountPoint "C:"
if ($BLV.VolumeStatus -eq "FullyDecrypted") {
    Add-Content -Path $logPath -Value "$timestamp - BitLocker not enabled. Enabling now..."
    Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector
    Add-Content -Path $logPath -Value "$timestamp - BitLocker encryption started."
} else {
    Add-Content -Path $logPath -Value "$timestamp - BitLocker already enabled."
}
```
Any advice or tips would be greatly appreciated!

2 Answers

Answered By TechGuru77 On

Hey, you don't need to reinvent the wheel here! There are pre-existing GPO settings for BitLocker to help store the recovery keys in Active Directory without the need to use scripts. Just check out the built-in BitLocker management settings in GPOs.

Answered By AdminNinja12 On

Are you trying to accomplish something specific that the GPOs won't help with? Because BitLocker already has GPO options built-in for enabling it. It might simplify things if you use those.

CuriousUser92 -

No special case, just want it enabled and keys saved in AD. I'd prefer it only activates if there's a change detected—don't want it popping up at every reboot (which is rare around here, lol). But I read that GPO doesn’t enable it automatically.
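
One way to combine the built-in GPO settings mentioned in the answers with a startup script that only acts when something needs to change, as an added example that is not code from any poster in this thread. It assumes the built-in GPO setting that saves OS-drive recovery information to AD DS is already applied (the registry value checked is the one that policy writes); `Write-Log` is a helper defined here.

```powershell
# Added example: runs as a GPO computer startup script (SYSTEM context).
$mount   = 'C:'
$logPath = 'C:\BitLocker-Startup-Log.txt'

function Write-Log([string]$Message) {   # hypothetical helper, defined here
    Add-Content -Path $logPath -Value ('{0:yyyy-MM-dd HH:mm:ss} - {1}' -f (Get-Date), $Message)
}

try {
    $vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop

    # Act only while the drive is fully decrypted; once encryption has begun, later boots only log.
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        Write-Log "No change needed (VolumeStatus=$($vol.VolumeStatus), ProtectionStatus=$($vol.ProtectionStatus))."
        return
    }

    # Value written by the built-in GPO setting for saving OS-drive recovery info to AD DS.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if (-not $fve -or $fve.OSActiveDirectoryBackup -ne 1) {
        Write-Log 'AD DS backup policy not applied yet; drive left unencrypted.'
        return
    }

    # Reuse an existing recovery password if a previous run created one.
    $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    if (-not $rp) {
        Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    }

    # Escrow first: if the backup fails, -ErrorAction Stop jumps to catch and nothing is encrypted.
    # Log the protector ID only, never the recovery password itself.
    Backup-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $rp.KeyProtectorId -ErrorAction Stop | Out-Null
    Write-Log "Recovery password protector $($rp.KeyProtectorId) backed up to AD DS."

    # Same encryption parameters as the script in the question.
    Enable-BitLocker -MountPoint $mount -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector -ErrorAction Stop | Out-Null
    Write-Log 'BitLocker encryption started.'
}
catch {
    Write-Log "ERROR: $($_.Exception.Message)"
}
```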
