0

I was wondering if someone else has accomplished what I'm trying to do. I have a GPO to automatically store the keys in AD when BitLocker is activated, but it seems that I have to do it manually, so I put in a logon script .bat with this:

script.bat

```
Powershell.exe -ExecutionPolicy Bypass \\192.168.3.150\shares\publica\sistemas\enablebitlocker.ps1
```

But for some odd reason I'm getting this popup. I would want it to run silently, or is there a way to automatically say yes?

Safety warning: Run only the trusted scripts. Scripts from the Internet can be useful, but this script could damage your equipment. If you trust this script, use the Unblock-File cmdlet to allow it to run without this message warning. Do you want to run

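This is the PowerShell script:

```
# Read the current BitLocker state of the system drive
$CdriveStatus = Get-BitLockerVolume -MountPoint 'c:'
# Only start encryption when the volume is not encrypted at all
if ($CdriveStatus.volumeStatus -eq 'FullyDecrypted') {
    C:\Windows\System32\manage-bde.exe -on c: -recoverypassword -skiphardwaretest
}
```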

Thank you

Currently running Server 2012, which does not allow GPO PowerShell.

killmasta93
  • It's in the message: `If you trust this script, use the Unblock-File cmdlet to allow it to run`. My guess would be the file has the Mark of the Web. – Greg Askew May 30 '21 at 18:59
  • Well, I would maybe cheat it with unlock-file and a short script like the one from https://hostingultraso.com/help/windows/find-your-script%E2%80%99s-name-powershell and put it as the first line, or make 2 scripts. Another cheat would be to set the execution policy to a non-blocking state – djdomi May 30 '21 at 20:08
  • You don't _have_ to do it manually. If it's not done automatically, you're missing something. Here's how I did a few years ago, it's been working flawlessly ever since: https://noobient.com/2014/11/17/bitlocker-with-active-directory/ – bviktor Jun 06 '21 at 21:28
  • Thanks for the reply. What I could not get working was when the user does not have admin permissions on the computer. I saw your tutorial, but it does not show how to do it through GPO automatically without manually enabling BitLocker – killmasta93 Jun 07 '21 at 23:01

1 Answer

0

Seem to have fixed it by adding the script by name instead of by IP:

```
\\apolo\shares\publica\sistemas\enablebitlocker.ps1
```
killmasta93
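Windows typically maps a UNC path addressed by IP (or by a dotted name) to the Internet zone, while a single-label host name maps to Local intranet, which is why the same script prompts under one path and not the other. The following diagnostic is an added example, not code from the question or answer: it assumes Windows PowerShell (`Powershell.exe`, .NET Framework), the function name `Get-ScriptZoneReport` is hypothetical, and the two paths are the ones quoted above.

```powershell
# Added example: report why a script path triggers the "run only trusted scripts" prompt.
# Assumes Windows PowerShell 3.0+ on .NET Framework; Get-ScriptZoneReport is a hypothetical name.
function Get-ScriptZoneReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            # Zone Windows assigns to the path itself (no file access needed).
            $zone = [System.Security.Policy.Zone]::CreateFromUrl($p).SecurityZone

            $motw = $null
            $signature = $null
            if (Test-Path -LiteralPath $p) {
                # Mark of the Web lives in the Zone.Identifier alternate data stream.
                $stream = Get-Item -LiteralPath $p -Stream Zone.Identifier -ErrorAction SilentlyContinue
                if ($stream) {
                    $motw = (Get-Content -LiteralPath $p -Stream Zone.Identifier) -join '; '
                }
                # A valid signature lets the script run under AllSigned/RemoteSigned
                # without falling back to -ExecutionPolicy Bypass.
                $signature = (Get-AuthenticodeSignature -FilePath $p).Status
            }

            [pscustomobject]@{
                Path         = $p
                Zone         = $zone
                MarkOfTheWeb = $motw
                Signature    = $signature
            }
        }
    }
}

# Paths as quoted in the question and the answer.
'\\192.168.3.150\shares\publica\sistemas\enablebitlocker.ps1',
'\\apolo\shares\publica\sistemas\enablebitlocker.ps1' |
    Get-ScriptZoneReport | Format-List

# Shows which scope (including GPO-set MachinePolicy/UserPolicy) decides the effective policy.
Get-ExecutionPolicy -List
```

A `Zone` of `Internet` with an empty `MarkOfTheWeb` means the prompt comes from the path's zone mapping rather than from a downloaded-file marker, so `Unblock-File` would not change it.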