BitLocker powershell comandlets RRS feed

  • Question

  • Hello!

    I wanted to configure and run BitLocker using only PS, but I've got a problem on my last step. Here is my script:

    #Setting recovery
    add-bitlockerkeyprotector -mountpoint C: -recoverypasswordprotector
    #Setting password
    $securestring = convertto-securestring "something" -asplaintext -force
    add-bitlockerkeyprotector -mountpoint C: -password $securestring -passwordprotector
    #Enabling bitlocker
    enable-bitlocker -mountpoint C:

    And my last command can't run encryption. "Parameter set cannot be resolved..."

    By the way, using something like this...

    manage-bde -on c:

    ...will start encryption. So what am I doing wrong with PS commands?

    • Moved by Bill_Stewart Wednesday, September 4, 2019 9:17 PM Abandoned
    Tuesday, April 9, 2019 8:34 AM

All replies

  • https://docs.microsoft.com/en-us/powershell/module/bitlocker/enable-bitlocker?view=win10-ps

    In the above article, they use:

    Enable-Bitlocker -MountPoint "C:"

    Maybe the quotations are required or more parameters are needed? ¯\_(ツ)_/¯

    Tuesday, April 9, 2019 8:40 AM
  • No "" won't help. Only thing that worked for me was:

    enable-bitlocker -mountpoint c: -recoverypasswordprotector

    But after such command, if I check status with:

    manage-bde -status
    I can find 2 Numerical Password protectors... I don't think it is good sign.

    • Edited by _Neke Tuesday, April 9, 2019 8:46 AM
    Tuesday, April 9, 2019 8:46 AM
  • You can delete one of the two recovery key protectors without doing harm.

    manage-bde -protectors -delete -id: {someID...} c:

    There are two, because you tried to start encryption before. That's normal.

    Tuesday, April 9, 2019 9:45 AM
  • Okay, let it be. I just want to start encryption, all parameters are predefined. I can do it with cmd command:

    manage-bde -on

    Can I do same thing with PS? This one is not working for me:

    Enable-Bitlocker -MountPoint "C:"

    Tuesday, April 16, 2019 10:56 AM
  • If it does not work, for whatever reason, just use the batch command in powershell, it works as well in powershell scripts.
    Tuesday, April 16, 2019 11:01 AM
  • There is no problem in just running my script. It works. But I would like to rebuild it without cruthes...

    Tuesday, April 16, 2019 1:26 PM
  • There is no problem in just running my script. It works. But I would like to rebuild it without cruthes...

    Type the following command to see that is happening in PowerShell.

    Get-Command manage-bde

    This tells you that this is a legitimate PowerShell command.


    Tuesday, April 16, 2019 2:57 PM
  • Powershell's syntax is more picky than manage-bde. See, this works:

    #Setting recovery
    add-bitlockerkeyprotector -mountpoint C: -recoverypasswordprotector

    #Setting password
    securestring = convertto-securestring "something" -asplaintext -force

    #Enabling bitlocker
    enable-bitlocker -mountpoint C: -SkipHardwareTest -UsedSpaceOnly -password $securestring -passwordprotector

    Tuesday, April 16, 2019 5:36 PM