/build/static/layout/Breadcrumb_cap_w.png

Bitlocker Prep on Windows 10

I've been encrypting our Windows 10 desktops using a script with the following command:

Manage-bde.exe -On C: -RecoveryPassword -EncryptionMethod xts_aes256 -SkipHardwareTest

It has worked on most machines, but not on about 40 where TPM is activated. I don't see any pattern based on model or OS version, and the TPM version is 1.2 or 1.3 for all. I went to one of the problem machines and was able to enable BL in the control panel, but it gave me the message that it had to prepare the computer and restart first. I suspect that means the drive only has one partition and that the prep creates the bitlocker partition. Does that make sense? I doubt the TPM has to be cleared because these machines haven't had bitlocker enabled before.

Should I just try running "bdehdcfg -target default" on a machine first? Is there much danger of corrupting the hard drive or rendering the machine unbootable if it doesn't work?

Asked 3 years ago 0 views
0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: CarstenBuscher 3 years ago
Purple Belt
1

Top Answer

I had a similar problem and in the end it was the reagent.xml.

So i deleted the file using this PS Script:

   If (Test-Path C:\Windows\System32\Recovery\ReAgent.XML) {
        Remove-Item C:\Windows\System32\Recovery\ReAgent.XML
    }
    else
    {
    }

Comments:
  • OK, thanks. - tpr 3 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ