/build/static/layout/Breadcrumb_cap_w.png

Scripting Question


Issue automating bitlocker deployment via kace script & manage-bde

07/06/2018 1969 views
We are in the works to make sure all our devices are bitlocked and encrypted. This has always been a manual process when re-imaging, but we have a good number of devices that need to be bitlocked in remote locations. When we do it manually we save the bitlock key in a text file in a network folder. I would like to script this process and make it auto-save the key file to the same network drive. I have a script that works well as a .bat file but is giving me an error I can pinpoint as to the cause. Anyone have any ideas?

Here is the error:
Running as credntials provided
Creating process returned non-zero: %systemdrive%\Windows\System32\manage-bde.exe -status C: -protectionaserrorlevel: (4294967295)
Error Code: -1
Status Code: 0
Creating process returned non-zero: %systemdrive%\Windows\System32\manage-bde.exe -protectors -add %SystemDrive% -tpm: (4294967295)
Error Code: -1
Status Code: 0

Here is the script:


 
 



 

   

   
     
   

   
     
     
     
     
     
     

     
       
       
     

     
       
     

   

 



4 Comments   [ + ] Show comments

Comments

  • The script is not visible
  • As above the script isn't visible, but you can upload the recovery keys to KACE and place them under the device inventory of the machine.
  • If it's not a 32-bit vs 64-bit issue chucksteel mentioned, it could be file/folder permissions. I believe KACE scripts normally run under the SYSTEM account (not a logged on user), which may not have access to the network share you're using. Try adding the group Domain Computers to both the network share permissions and the file/folder permissions. I'd suggest creating a dummy script for testing, and try using write but NOT read permissions on the folder. I've got a script which creates files and I've setup folder permissions "Read attributes", "Create files / write data", "Create folders / append data", "Write attributes", "Write extended attributes". The folder does NOT have "List folder / read data".
  • Has this been resolved? I am having similar issues with a script that changes a local password.
    https://www.itninja.com/question/need-help-with-formerly-functioning-script


Community Chosen Answer

1
The manage-bde.exe command is not available in the 32bit context where the AMPAgent is running. You need to use %windir%\sysnative\manage-bde.exe instead.

Answered 07/17/2018 by: chucksteel
Red Belt

All Answers

0
Answered 03/29/2019 by: Timokirch
3rd Degree Black Belt

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ