I have nearly everything working for my BitLocker enabling.

I have my BIOS PW being set, the TPM chip being turned on and activated and i have BitLocker encrypting the drive as long as the TPM chip ownership has been set.

This means that if I am redeploying a computer (where the TPM ownership is already set) it works perfectly.

But it fails when I deploy to a brand new PC, the TPM chip is the sticking point because I need to take ownership of it.

I am trying a very basic script now as a test:
manage-bde -tpm -TurnOn
manage-bde -tpm -TakeOwnership PASSWORD
manage-bde -on C: -RecoveryPassword -SkipHardwareTest

I had been reading into it and was trying with powershell but was so far unsuccessful and so I am falling back to the manage-bde method as that works well for turning on bitlocker from my experience so far. 

So, does anyone have experience with this and have some sample scripts?
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity


This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.


I see you found your own answer with Windows 10.  For anyone looking to do this for Windows 7 I did write a very crude batch file that simply uses errorlevels to determine what needs to be done.  The logic in plain english is this:

1. Attempt to encrypt (manage-bde -on c: ...) - either enforce TPM via GPO or command line switch
2a. If no error, you're done, exit batch file.
2b. If error, attempt to turn on TPM (manage-bde -tpm -turnon)
3a. If no error, TPM should have been disabled prior and enabled with the command.  prompt user to restart to finish enabling TPM
3b. If error, TPM should already be enabled (TPM already enabled message).  Take ownership (-tpm -takeownership).  This should not require a restart so immediately re-run step 1.

Again, this is very crude but has worked so far.  You can pretty it up and add further checking.  This only works for Win7 as Win10 uses powershell to turn on and take ownership of the TPM.
Answered 07/27/2017 by: swalker804
Senior White Belt

Please log in to comment
Ok, so with Windows 10 I need to use powershell.
Answered 04/11/2017 by: Vivalo
Senior Yellow Belt

Please log in to comment