Hello,
We have non-AD W7 and W10 laptops that are used for work-from-home.
I am trying to enable BitLocker remotely / silently on W7 first.
I have been able to script the enabling / activation of TPM via Altiris:
CCTK --tpm=on --valsetuppwd=xxxxxxxxx
CCTK --tpmactivation=enabled --valsetuppwd=xxxxxxxx
Reboot
When I try to activate BitLocker using manage-bde:
manage-bde c: -on
I get the following:
ERROR: The TPM cannot be used to protect this volume. The TPM does not have an owner set.
When I try:
manage-bde -tpm -o
I get the following:
ERROR: Parameter "-TakeOwnership" requires and argument.
When I go to the BitLocker GUI, I am able to enable BitLocker. The only thing that I am prompted for is where to save the recovery key / password. For testing purposes I printed to PDF. Selected next, skipped hardware testing and next again to start the encryption process.
Is it possible to do this scripted / silently?
For laptops that do have BitLocker enabled (manually / in person), I am able to retrieve the numerical ID and password for IT Security's records via Altiris scripts.
manage-bde -protectors C: -get
BitLocker Drive Encryption: Configuration Tool version 10.0.18362
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Volume C: []
All Key Protectors
TPM:
ID: {D88C0F68-7693-447A-9B19-447144722358}
PCR Validation Profile:
0, 2, 4, 11
Numerical Password:
ID: {BDF5DEC5-D150-4ACC-B128-7BF7F49FE2E7}
Password:
111584-xxxxxx-305558-048873-xxxxxx-615857-289289-xxxxxx
Thank you!
------------------------------
Giles
------------------------------
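
Added example, not part of the original post: a collector-side check for the `manage-bde -protectors C: -get` output shown above, which extracts each Numerical Password protector and refuses to file a recovery password that is not well formed. The function names and the sample text are constructed for illustration; the check relies on the fact that a BitLocker recovery password is 8 groups of 6 digits, each a multiple of 11 with a quotient below 65536.

```python
import re

GUID_RE = re.compile(r"^ID:\s*(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$")

def parse_numerical_passwords(text):
    """Extract every 'Numerical Password' protector as {'id', 'password'}."""
    found, current, want_pw = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "Numerical Password:":
            current = {"id": None, "password": None}
            found.append(current)
            want_pw = False
        elif current is None:
            continue                      # TPM or other protector section
        elif want_pw:
            current["password"] = line    # value follows the 'Password:' label
            current, want_pw = None, False
        elif line == "Password:":
            want_pw = True
        elif m := GUID_RE.match(line):
            current["id"] = m.group(1)
    return found

def is_wellformed(password):
    """8 groups of 6 digits, each a multiple of 11 with quotient below 65536."""
    groups = password.split("-")
    if len(groups) != 8 or not all(re.fullmatch(r"[0-9]{6}", g) for g in groups):
        return False
    return all(int(g) % 11 == 0 and int(g) // 11 < 65536 for g in groups)

def escrow_records(text):
    """Return (protector_id, password, ok) tuples; ok=False means do not file it."""
    return [(p["id"], p["password"],
             bool(p["id"] and p["password"] and is_wellformed(p["password"])))
            for p in parse_numerical_passwords(text)]

# Constructed sample in the flattened layout shown in the post (not a real key).
SAMPLE = """All Key Protectors
TPM:
ID: {00000000-0000-0000-0000-000000000001}
PCR Validation Profile:
0, 2, 4, 11
Numerical Password:
ID: {00000000-0000-0000-0000-000000000002}
Password:
135795-258016-380237-502458-624679-013574-047531-720885
"""
```

A record with ok=False (truncated output, a mistyped digit, a redacted group) should be re-collected from the laptop rather than stored, since it would not unlock the volume when needed.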