New: MassDeploy BitLocker Drive Encryption

MassDeploy BitLocker Drive Encryption
Encrypt the OS drive and back up all recovery keys to Active Directory

  • Check if this is a BitLocker-capable OS
  • Check if a TPM chip is available
  • Check if we can back up recovery keys
  • Take ownership of the TPM by setting an owner password, only for Windows 7/2008R2 and Vista/2008
  • Check for existing numerical password protectors
  • Add a numerical password protector, if one does not exist
  • Back up all recovery keys to AD
  • Turn on BitLocker and begin drive encryption
  • Display a detailed success or failure message, except in silent mode
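
The steps above map onto the built-in manage-bde.exe tool. The following PowerShell script is an added example, not MassDeploy's own code. It assumes an elevated Windows PowerShell session on a domain-joined machine whose Group Policy allows storing BitLocker recovery information in AD, reuses this page's exit code numbers for the matching failures, and leaves out the OS-capability check and the TPM ownership step.

```powershell
# Added illustration, not MassDeploy's implementation.
# Assumptions: elevated session, domain-joined machine, AD backup allowed by policy.
$drive = $env:SystemDrive
$mbde  = Join-Path $env:SystemRoot 'System32\manage-bde.exe'
if (-not (Test-Path $mbde)) { exit 222 }   # manage-bde.exe not found

# TPM present? Win32_Tpm is exposed in the MicrosoftTpm WMI namespace.
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) { exit 224 }                # no TPM chip

function Get-RecoveryProtectorIds {
    # List numerical (recovery) password protectors and keep only the {GUID} IDs.
    # Matching on the GUID itself avoids depending on localized label text.
    $out = & $mbde -protectors -get $drive -Type RecoveryPassword 2>&1
    $out | Select-String -Pattern '\{[0-9A-Fa-f-]{36}\}' |
        ForEach-Object { $_.Matches[0].Value }
}

$ids = @(Get-RecoveryProtectorIds)
if ($ids.Count -eq 0) {
    # -add prints the new 48-digit recovery password; discard the output so it
    # never lands in a deployment log or transcript.
    & $mbde -protectors -add $drive -RecoveryPassword | Out-Null
    $ids = @(Get-RecoveryProtectorIds)
}
if ($ids.Count -eq 0) { exit 226 }         # protector ID not found

# Escrow every recovery password BEFORE encryption starts, and stop on the
# first failure, so no drive is encrypted without a recoverable key in AD.
foreach ($id in $ids) {
    & $mbde -protectors -adbackup $drive -id $id | Out-Null
    if ($LASTEXITCODE -ne 0) { exit 225 }  # backup to AD failed
}

# Only now turn BitLocker on and begin encrypting the OS drive.
& $mbde -on $drive
if ($LASTEXITCODE -ne 0) { exit 200 }      # manage-bde.exe failed to run
exit 0
```

The ordering is the point: the script refuses to start encryption until every recovery password has been accepted by AD.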

Command line arguments
<none> - Minimally interactive install
/u - Unattended install
/s - Silent install

Exit codes
104 - Aborting the installation; unsafe conditions: Windows 10 1803 prior to build 17134.319 cannot back up keys to AD with a local account
222 - Unable to find manage-bde.exe
223 - This is not a BitLocker-capable OS
224 - A TPM chip was not found
225 - Failed to back up recovery keys to AD
226 - Unable to find the password protector ID
200 - Failed to run the process: manage-bde.exe
Common exit codes