Bitlocker - Volume - Add Recovery Password Autofix
Summary
The script is designed to add a recovery password to a drive where BitLocker is enabled but a key protector is not found. It is a copy of the SEC - Encryption - Script - Bitlocker - Volume - Initialize script with a hardcoded parameter.
It will disable the currently applied BitLocker protection using the SEC - Encryption - Script - Bitlocker - Remove Volume script before re-enabling it with a Recovery Password protector.
The script will initialize the TPM if it is not already initialized, but it will not restart the computer. Please note that this script is not intended for manual execution. It is designed to be executed as an Autofix script from the SEC - Encryption - Internal Monitor - Bitlocker - Missing Key Protectors monitor set.
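A read-only check for the condition this Autofix targets, useful for confirming the result after it runs. This is an added example, not the code of the script or monitor documented here. It assumes the built-in BitLocker PowerShell module and an elevated session, and the function name `Get-VolumeProtectorGap` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not the documented script): lists volumes where BitLocker is in use
# but no key protector, or no RecoveryPassword protector, is present. Makes no changes.

function Get-VolumeProtectorGap {
    [CmdletBinding()]
    param(
        # Drive letter such as 'C:'; omit to check every volume BitLocker reports.
        [string[]]$MountPoint
    )

    $volumes = if ($MountPoint) {
        Get-BitLockerVolume -MountPoint $MountPoint
    } else {
        Get-BitLockerVolume
    }

    foreach ($vol in $volumes) {
        # The condition only applies where BitLocker is enabled on the volume.
        if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

        # Drop nulls so a volume with no protectors yields an empty list.
        $protectors  = @($vol.KeyProtector | Where-Object { $_ })
        $types       = @($protectors | ForEach-Object { "$($_.KeyProtectorType)" })
        $recoveryIds = @($protectors |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object { $_.KeyProtectorId })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeStatus        = $vol.VolumeStatus
            ProtectionStatus    = $vol.ProtectionStatus
            ProtectorTypes      = $types -join ','
            NoKeyProtector      = ($types.Count -eq 0)
            HasRecoveryPassword = ($recoveryIds.Count -gt 0)
            # Only the protector ID is reported; the 48-digit recovery password
            # is deliberately kept out of output and logs.
            RecoveryProtectorId = $recoveryIds -join ','
        }
    }
}

# Show only the volumes that still have a gap.
Get-VolumeProtectorGap |
    Where-Object { $_.NoKeyProtector -or -not $_.HasRecoveryPassword } |
    Format-Table -AutoSize
```

An empty result after the Autofix has run means every BitLocker-enabled volume has at least a Recovery Password protector.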
Sample Run
Dependencies
- SEC - Encryption - Internal Monitor - Bitlocker - Missing Key Protectors
- SEC - Encryption - Script - Bitlocker - Audit
- SEC - Encryption - Script - Bitlocker - Remove Volume
Variables
Name | Description |
---|---|
Parameters | -RecoveryPasswordProtector -AllowTPMInit -MountPoint '@MountPoint@' -SkipHardwareTest |
User Parameter
Name | Example | Required | Description |
---|---|---|---|
MountPoint | C: | True (for manual execution only) | Drive letter of the volume to add the BitLocker key protector to |
Output
- Script logs