Scripting Question


Does anyone have a script to take ownership of the TPM?

04/10/2017 4438 views
I have nearly everything working for my BitLocker enabling.

I have my BIOS PW being set, the TPM chip being turned on and activated, and I have BitLocker encrypting the drive as long as the TPM chip ownership has been set.

This means that if I am redeploying a computer (where the TPM ownership is already set) it works perfectly.

But it fails when I deploy to a brand new PC, the TPM chip is the sticking point because I need to take ownership of it.

I am trying a very basic script now as a test:
manage-bde -tpm -TurnOn
manage-bde -tpm -TakeOwnership PASSWORD
manage-bde -on C: -RecoveryPassword -SkipHardwareTest

I had been reading into it and was trying with PowerShell but was so far unsuccessful, and so I am falling back to the manage-bde method as that works well for turning on BitLocker from my experience so far.

So, does anyone have experience with this and have some sample scripts?

All Answers

0

I see you found your own answer with Windows 10.  For anyone looking to do this for Windows 7, I did write a very crude batch file that simply uses errorlevels to determine what needs to be done.  The logic in plain English is this:


1. Attempt to encrypt (manage-bde -on c: ...) - either enforce TPM via GPO or command line switch
2a. If no error, you're done, exit batch file.
2b. If error, attempt to turn on TPM (manage-bde -tpm -turnon)
3a. If no error, TPM should have been disabled prior and enabled with the command.  Prompt user to restart to finish enabling TPM.
3b. If error, TPM should already be enabled (TPM already enabled message).  Take ownership (-tpm -takeownership).  This should not require a restart so immediately re-run step 1.

Again, this is very crude but has worked so far.  You can pretty it up and add further checking.  This only works for Win7 as Win10 uses PowerShell to turn on and take ownership of the TPM.
Answered 07/27/2017 by: swalker804
Yellow Belt
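The errorlevel-driven sequence swalker804 describes above (steps 1 through 3b), written out as an added PowerShell example rather than the original batch file, for Windows 7 where manage-bde still carries the -tpm switches. It assumes an elevated session, manage-bde.exe on PATH, and a placeholder owner password that you would replace with a value from a secure store; the retry after taking ownership is limited to one pass so a persistent failure cannot loop.

```powershell
# Added example, not swalker804's script: the same errorlevel logic in PowerShell.
# Assumptions: elevated session, manage-bde.exe on PATH, Windows 7 style -tpm switches.
param(
    [string]$Drive = 'C:',
    [string]$OwnerPassword = 'CHANGE-ME-PLACEHOLDER'   # assumed placeholder, never hard-code in production
)

function Invoke-ManageBde {
    # Runs manage-bde with the given arguments and returns its exit code (the batch file's errorlevel).
    # Output is left on the console because -RecoveryPassword prints the recovery key,
    # which must be escrowed (for example to AD via GPO) before the machine is handed out.
    param([string[]]$Arguments)
    & manage-bde.exe @Arguments
    return $LASTEXITCODE
}

function Start-TpmBitLockerSequence {
    # Step 1: try to encrypt with a TPM protector plus a recovery password.
    if ((Invoke-ManageBde @('-on', $Drive, '-RecoveryPassword', '-SkipHardwareTest')) -eq 0) {
        return 'Encrypting'
    }
    # Step 2b: encryption failed, so attempt to turn the TPM on.
    if ((Invoke-ManageBde @('-tpm', '-TurnOn')) -eq 0) {
        # Step 3a: the TPM was off and is now enabled; firmware needs a reboot before ownership can be taken.
        return 'RestartRequired'
    }
    # Step 3b: the TPM was already on, so take ownership (no reboot) and retry step 1 exactly once.
    if ((Invoke-ManageBde @('-tpm', '-TakeOwnership', $OwnerPassword)) -ne 0) {
        return 'TakeOwnershipFailed'
    }
    if ((Invoke-ManageBde @('-on', $Drive, '-RecoveryPassword', '-SkipHardwareTest')) -eq 0) {
        return 'Encrypting'
    }
    return 'EncryptFailed'
}

$result = Start-TpmBitLockerSequence
Write-Host "Result: $result"
switch ($result) {
    'Encrypting'      { exit 0 }
    'RestartRequired' { Write-Host 'TPM enabled; restart the computer and run this script again.'; exit 3010 }
    default           { exit 1 }
}
```

Exit code 3010 is the usual "success, reboot required" signal understood by deployment tools, so the task sequence can reboot and re-run the script for step 3b.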

0
Ok, so with Windows 10 I need to use powershell.
Answered 04/11/2017 by: Vivalo
Senior Yellow Belt
