Forum Discussion
Bitlocker encryption
Hi, We have enabled Bitlocker using Intune and used AES 256bit XTS. But when we run manage-bde -status it says the encryption method is XTS-AES 128. Any suggestions on this? Is it a potential Bu...
- Ok, but if you want the intune clients to also have 256Bit... Then you will have to decrypt them and encrypt them again to fix that
Did the decryption work out for you?
Hi Harm,
As per my reply earlier, Manual Decryption was working well on machines. However, if I run the script from Intune, it gets failed each time. The script needs needs to be run with elevated privileges and Intune does that any way. In the logs it says Access Denied. Any ideas around it?
Thanks
As per my reply earlier, Manual Decryption was working well on machines. However, if I run the script from Intune, it gets failed each time. The script needs needs to be run with elevated privileges and Intune does that any way. In the logs it says Access Denied. Any ideas around it?
Thanks
- You could use logging to see what's happening :
Start-Transcript c:\Windows\Temp\decrypt.log
$BLV = Get-BitLockerVolume
Disable-BitLocker -MountPoint
Stop-Transcript
Deploy that to a computer and check the log afterwards. You're running it as System and not as the logged in user?- Hi Harm, Is there a way that we can check the encryption method on all devices (nearly 300) devices maybe using a PowerShell script?
Thanks- A bit like this I assume.. from there on after you altered it you could change it do "fix"/remediate it
https://call4cloud.nl/2021/05/the-texas-chain-saw-bitlocker-remediations/#part4
