Bitlocker GPO automatic?
-
Hi
I was wondering if someone else has accomplished what I'm trying to do.
I have a GPO to automatically store the keys in AD when BitLocker is activated, but it seems that I have to do it manually, so I put a logon script bat with this
script.bat
Powershell.exe -ExecutionPolicy Bypass \\192.168.3.150\shares\publica\sistemas\enablebitlocker.ps1
But for some odd reason I'm getting this popup, which I would want to run silently, or is there a way to automatically say yes?
Safety warning
Run only the trusted scripts. Scripts from the Internet can be useful, but this script could damage your equipment. If you trust this script, use the Unblock-File cmdlet to allow it to run without this message warning. Do you want to run
This is the PowerShell script
# Turn BitLocker on for C: only when the volume is still fully decrypted
$CdriveStatus = Get-BitLockerVolume -MountPoint 'c:'
if ($CdriveStatus.VolumeStatus -eq 'FullyDecrypted') {
    C:\Windows\System32\manage-bde.exe -on c: -recoverypassword -skiphardwaretest
}
Thank you
-
Just guessing here but maybe because you're calling it from a network location? Since you're doing this as a logon script, why not call the PS directly from the GPO? Or is my memory playing tricks on me again...
-
Thanks for the reply, but GPO by PowerShell, I think it's only compatible with Server 2016-2019, but I'm currently running 2012
-
https://9to5it.com/bypass-the-powershell-execution-policy/
# If group policy blocks scripts
POWERSHELL -Command "$enccmd=[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes((Get-Content -Path 'command.ps1')));POWERSHELL -EncodedCommand $enccmd"
-
@black3dynamite
Thanks for the reply, and sorry for the late reply; I did not get a notification by email.
It seemed that the issue was that it has to be done by \nameof server and not IP
-
I think it has to do with the trust factor. With a name, your endpoint is able to verify the fileserver; as an IP it can't.
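The name-versus-IP difference described in the last two posts can be checked on an endpoint. This is an added example, not code from anyone in the thread: it reports the security zone Windows assigns to each form of the script path and lists the execution policy scopes. It assumes Windows PowerShell 3.0 or later on .NET Framework; `\\fileserver01` is a placeholder server name and `TreatedAsRemote` is a heuristic field introduced here.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 3.0+ on .NET Framework.
function Get-ScriptTrustInfo {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Pull the host out of a UNC path and note whether it is a literal IP address.
    $uri      = [Uri]$Path
    $hostName = if ($uri.IsUnc) { $uri.Host } else { $null }
    $parsed   = $null
    $isIp     = [bool]$hostName -and [System.Net.IPAddress]::TryParse($hostName, [ref]$parsed)

    # Zone that Windows URL security maps this path to (Intranet, Internet, ...).
    $zone = [System.Security.Policy.Zone]::CreateFromUrl($Path).SecurityZone

    # A Zone.Identifier stream marks a downloaded file; Unblock-File removes it.
    $marked = [bool](Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Path            = $Path
        Host            = $hostName
        HostIsIp        = $isIp
        SecurityZone    = $zone
        HasZoneMark     = $marked
        # Heuristic: PowerShell treats Internet-zone or marked files as remote scripts.
        TreatedAsRemote = ($zone -eq 'Internet' -or $zone -eq 'Untrusted' -or $marked)
    }
}

# Policy scopes in precedence order. A MachinePolicy or UserPolicy value set by GPO
# overrides the -ExecutionPolicy switch given on the command line (Process scope).
Get-ExecutionPolicy -List | Format-Table -AutoSize

# The IP form is the path from the thread; \\fileserver01 is a placeholder name.
'\\192.168.3.150\shares\publica\sistemas\enablebitlocker.ps1',
'\\fileserver01\shares\publica\sistemas\enablebitlocker.ps1' |
    ForEach-Object { Get-ScriptTrustInfo -Path $_ } |
    Format-Table Host, HostIsIp, SecurityZone, HasZoneMark, TreatedAsRemote -AutoSize
```

With default zone settings, a UNC path addressed by IP is mapped to the Internet zone, while a single-label server name is mapped to the local intranet, which matches the fix reported above.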