How to Enable BitLocker From Tool

This forum is used to support the BitLocker for Automate plugin. You will find documentation on the plugin as well as an area to post issues and requests. Please post

Post by wfranksbct »

This tool has great potential, but we really need help understanding in more detail how to use the tool. There are only two screenshots and a marketing video on YouTube; that's it. We just need to know how to enable BitLocker and have a recovery password generated and saved in Automate. Can anyone assist us with this?


Post by Cubert »

You were pretty close, just needed to look up from the main BitLocker forum view. Here is the basic documentation for the plugin after it is successfully installed.

viewforum.php?f=70


Post by chris10385 »

Seems no matter what option I choose it is NOT enabling/turning on BitLocker on my device. Any ideas or anything I can send to help assist?


Post by Cubert »

I am by no means a BitLocker "expert" so do your own diligence.

Our plugin does not determine what is and is not a valid request, so if you try to push an Active Directory Account or Group key to an agent that is not on an Active Directory, we will happily pass the request; you will, however, get an error as a response.

I believe that encrypting a System drive has certain requirements from BitLocker. I do not believe BitLocker will encrypt a system volume unless it can be unlocked during bootup (TPM, Passcode, Pin, etc).

The recovery password key protector serves as a backup method for unlocking the encrypted volume in case you forget the password (applied by another Key Protector). If you choose to use only the recovery password as the key protector, you won't have to enter a password each time you access the volume. Instead, you'll only need to use the recovery password if you ever need to unlock the drive.

So to add a recovery password, you should have another key in place; typically I see TPM as the primary key and then a recovery key created for that.

You can possibly get more data about the error from the command logs on the agent's console. At the time you run the tool, capture the logs in the command logs for the commands we are sending down to the agent, both the commands themselves and the return from the agent. Post a complete set of the logs and commands as sent to the agent here so we can see if there were any syntax errors in the commands or a log that explains the failure.

This will help us determine if it is a misconfiguration from BitLocker or an error in syntax in the requests.
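
The protector order described in the post above (TPM as the primary key, then a recovery password as the backup), as an added PowerShell example that is not part of the thread and not the plugin's own code. It uses the built-in Windows cmdlets `Get-Tpm`, `Get-BitLockerVolume`, `Enable-BitLocker` and `Add-BitLockerKeyProtector`; the function names `Get-BitLockerReadiness` and `Enable-BitLockerWithRecovery` are hypothetical, and an elevated session on the endpoint is assumed.

```powershell
# Added example (not plugin code). Run in an elevated PowerShell session on the endpoint.
function Get-BitLockerReadiness {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm   = Get-Tpm
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    # Names of the key protectors already on the volume (empty if none).
    $types = @(foreach ($p in $vol.KeyProtector) { "$($p.KeyProtectorType)" })

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        KeyProtectors       = $types -join ', '
        # Any TPM-based protector lets the OS volume unlock at boot.
        HasTpmProtector     = [bool]($types -like 'Tpm*')
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

function Enable-BitLockerWithRecovery {
    param([string]$MountPoint = $env:SystemDrive)

    $state = Get-BitLockerReadiness -MountPoint $MountPoint
    if (-not $state.HasTpmProtector -and -not $state.TpmReady) {
        throw "No TPM protector on $MountPoint and the TPM is not ready; resolve that first."
    }
    if ($state.VolumeStatus -eq 'FullyDecrypted') {
        # Primary protector: TPM. This is the step that turns BitLocker on.
        Enable-BitLocker -MountPoint $MountPoint -TpmProtector -UsedSpaceOnly | Out-Null
    }
    if (-not $state.HasRecoveryPassword) {
        # Backup protector: recovery password, only needed if normal unlock fails.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }
    # Return the recovery password so the caller can escrow it; do not leave it in logs.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object KeyProtectorId, RecoveryPassword
}

# Read-only check: shows why an enable request would or would not succeed.
Get-BitLockerReadiness
```

The readiness output (TPM state, volume status, existing protectors) is also a compact thing to capture alongside the agent command logs when a request fails.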
