Unable to perform enable-bitlocker and lock-bitlocker successively

Question

I am trying to enable bitlocker on windows server 2012 R2 data volume using following command:

Enable-BitLocker -MountPoint $volume -Password ($password | ConvertTo-SecureString -AsPlainText -Force) -PasswordProtector

After this I am trying to lock the data volume with,

Lock-BitLocker $volume -ForceDismount

Now, the problem here is, encryption process is on hold as I have locked the data volume. I want to lock the data volume after full volume encryption. Is there any option to lock the data volume after encryption process complete? Any help?

score 0 · Answer 1 · answered May 22 '15 at 06:45

Here, it looks like you can use Get-BitLocker to find the state of the drive, and the encryption progress:

PS C:\> Get-BitLockerVolume 
VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection
                Point                                   Percentage                           Enabled    Status
----------      ----- ---------- ------------           ---------- ------------              ---------- ----------
Data            D:        931.51 EncryptionInProgress   1          {RecoveryPassword, Pas...            Off

You could add some code like this before calling Lock-BitLocker, to check every few seconds for encryption to be completed:

do {
    Start-Sleep -Seconds 10
    $drive = Get-BitLocker -MountPoint $volume
} while ($drive.VolumeStatus -in @('FullyDecrypted','EncryptionInProgress'))

(I haven't tested this code. Maybe you could check for the VolumeStatus being 'FullyEncrypted' if that's how it ends up).

Unable to perform enable-bitlocker and lock-bitlocker successively

1 Answers1