Sep 17 2021 02:15 AM
Hi,
I have been trying to run a script from MS Intune for decrypting the hard drive. The status of the script shows success, but decryption never starts. I also checked the registry, and there too the status is success but the result details are blank.
I have tested the script manually on a device and it works. I tested the script running through a system account using PS tool and it works there too. I am running the script with the system account through Intune.
The script is for decrypting an OS drive which is not encrypted with the "XTS AES 256" algorithm, as we are in the process of standardizing the encryption algorithm in our organization.
Here is the script:
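# Read the BitLocker state of the OS drive
$BitlockerStatus = Get-BitLockerVolume -MountPoint $env:SystemDrive
$status = $BitlockerStatus.VolumeStatus
$algorithm = $BitlockerStatus.EncryptionMethod
if ($status -eq 'FullyEncrypted')
{
    #Write-Host $status
    if ($algorithm -eq 'XTSAES256')
    {
        # Already encrypted with the target algorithm: nothing to do
    }
    Else
    {
        # Any other algorithm: start decrypting the OS drive
        Disable-BitLocker -MountPoint $env:SystemDrive
    }
}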
Any help is highly appreciated.
Thanks,
Gaurav Ranjan
Sep 17 2021 06:08 AM
Just tested it (needed to change the 256 to 128 because we were already using that)
# Read the BitLocker state of the OS drive
$BitlockerStatus = Get-BitLockerVolume -MountPoint $env:SystemDrive
$status = $BitlockerStatus.VolumeStatus
$algorithm = $BitlockerStatus.EncryptionMethod
if ($status -eq 'FullyEncrypted')
{
    #Write-Host $status
    if ($algorithm -eq 'XTSAES128')
    {
        #Write-host "It's encrypted"
    }
    Else
    {
        # Any other algorithm: start decrypting the OS drive
        Disable-BitLocker -MountPoint $env:SystemDrive
    }
}
It works like expected? When syncing the device, the agentexecutor showed the decrypting part.
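For comparing a manual run with an Intune-deployed run of the script above, here is an added example (not code from either poster) that logs the execution context and what the BitLocker cmdlets returned, and exits with a non-zero code on any error. The log path and the `Write-Log` helper are assumptions made for this example.

```powershell
# Added example, not from the thread. The log path is hypothetical; change it as needed.
$LogFile  = Join-Path $env:ProgramData 'BitLockerAlgoCheck.log'
$Expected = 'XtsAes256'   # target method from the original question

function Write-Log([string]$Message) {
    # One timestamped line per event, appended so repeated runs can be compared
    $line = '{0} {1}' -f (Get-Date).ToString('o'), $Message
    Add-Content -Path $LogFile -Value $line
}

try {
    # Record who ran the script and in which kind of PowerShell host
    $user = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $is64 = [Environment]::Is64BitProcess
    Write-Log ('User={0} 64BitProcess={1} PSVersion={2}' -f $user, $is64, $PSVersionTable.PSVersion)

    # -ErrorAction Stop turns a cmdlet failure into a terminating error for the catch block
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Write-Log ('VolumeStatus={0} EncryptionMethod={1}' -f $volume.VolumeStatus, $volume.EncryptionMethod)

    if ($volume.VolumeStatus -ne 'FullyEncrypted') {
        Write-Log 'Volume is not fully encrypted; nothing to do.'
        exit 0
    }
    if ($volume.EncryptionMethod -eq $Expected) {
        Write-Log 'Volume already uses the expected method; nothing to do.'
        exit 0
    }

    # Same action as the original script, with the resulting state written to the log
    $after = Disable-BitLocker -MountPoint $env:SystemDrive -ErrorAction Stop
    Write-Log ('Disable-BitLocker returned VolumeStatus={0}' -f $after.VolumeStatus)
    exit 0
}
catch {
    # Keep the error text on disk and signal failure through the exit code
    Write-Log ('ERROR: {0}' -f $_.Exception.Message)
    exit 1
}
```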