Scripting Question

Kace Script to set PIN on boot for Bitlocker

03/28/2019 792 views

I am looking for a script to enable a boot PIN on a computer that has Biltlocker enabled.  I think this would be useful to use in conjunction with KACE to lock down a laptop that may be off site.  Over the years I have had a couple of instances where some employees "forgot" they still had a company laptop at home when they left and we would like to make sure no company data can be accessed. 

Answer Summary:
0 Comments   [ + ] Show comments


Answer Chosen by the Author


$pass = ConvertTo-SecureString "Password" -AsPlainText -Force
Enable-BitLocker -MountPoint C: -Password $pass -PasswordProtector -SkipHardwareTest
Add-BitLockerKeyProtector -RecoveryPasswordProtector -MountPoint C:

I use this for my Startup Password to Automate from the KACE SDA.

I think you can just change from password to -TpmAndPinAndStartupKeyProtector

$PIN = ConvertTo-SecureString "PIN" -AsPlainText -Force
Enable-BitLocker -MountPoint C: -TpmAndPinAndStartupKeyProtector $PIN
Add-BitLockerKeyProtector -RecoveryPasswordProtector -MountPoint C:

This should help ^

Answered 03/29/2019 by: Ziggi
Blue Belt

  • Enable-Bitlocker line still prompts for PIN
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ