Script to auto enable bitlocker

%3CLINGO-SUB%20id%3D%22lingo-sub-197168%22%20slang%3D%22en-US%22%3EScript%20to%20auto%20enable%20bitlocker%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-197168%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%20!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20my%20company%2C%20we%20are%20deploying%20a%20new%20master%20of%20Windows%2010%20Pro.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20would%20like%20to%20enable%20Bitlocker%20thanks%20to%20a%20script.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20bitlocker%20has%20to%20be%20configured%20with%20tpm%2C%20with%20a%20specific%20recovery%20key%20(a%20master%20key%20which%20will%20be%20the%20same%20on%20every%20computer)%20and%20it%20has%20to%20encrypt%20the%20entire%20drive.%3C%2FP%3E%3CP%3EThe%20master%20will%20just%20have%20an%20admin%20session%2C%20when%20the%20image%20will%20be%20installed%2C%20the%20user's%20session%20will%20be%20created%20manually%20so%20there%20is%20no%20sysprep.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20the%20script%20will%20contain%20the%20master%20bitlocker%20key%2C%20it%20has%20to%20be%20deleted%20from%20the%20drive%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPcs%20are%20laptops%20and%20desktop%20from%20Dell%2C%20and%20are%20equipped%20with%20tpm%20chips.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20created%20a%20custom%20Dell%20BIOS%20settings%20to%20apply%20on%20first%20boot%20which%20create%20a%20BIOS%20password%2C%20and%20HDD%20Password%2C%20enable%20TPM%2C%20enable%20UEFI%20boot%20only%2C%20Disable%20Legacy%20rom%20boot%20and%20enable%20SecureBoot.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20found%20some%20scripts%20on%20Microsoft%20community%20and%20here%20and%20there%20on%20internet%20but%20nothing%20is%20working.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20has%20this%20kind%20of%20script%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E
Deleted
Not applicable

Hi there !

 

In my company, we are deploying a new master of Windows 10 Pro.

 

We would like to enable Bitlocker thanks to a script.

 

The bitlocker has to be configured with tpm, with a specific recovery key (a master key which will be the same on every computer) and it has to encrypt the entire drive.

The master will just have an admin session, when the image will be installed, the user's session will be created manually so there is no sysprep.

 

Since the script will contain the master bitlocker key, it has to be deleted from the drive

 

Pcs are laptops and desktop from Dell, and are equipped with tpm chips.

 

I have created a custom Dell BIOS settings to apply on first boot which create a BIOS password, and HDD Password, enable TPM, enable UEFI boot only, Disable Legacy rom boot and enable SecureBoot.

 

I found some scripts on Microsoft community and here and there on internet but nothing is working.

 

 

Does anyone has this kind of script ?

 

Thanks

0 Replies