Documents discussing BitLocker drive encryption and configuration
View all tagsThis document describes a script designed to add a recovery password to a BitLocker-enabled drive that lacks a key protector. The script disables the current BitLocker protection, initializes the TPM if necessary, and re-enables the protection with a Recovery Password protector. It is intended for execution as an Autofix script and not for manual use.
Group of machines where BitLocker is disabled.
Group of machines where BitLocker is enabled.
This document outlines the process to determine if the C: drive on an endpoint has BitLocker enabled. It includes information on accessing the data through BitLocker dataviews or the roles tab in ConnectWise Automate, along with the necessary detection string and settings.
This document provides a dataview containing records of computers where BitLocker initialization failed twice due to issues encountered by the Autofix script. It outlines the relevant dependencies and details about each computer, including client name, location, operating system, and the number of failed attempts.
The solution outlines the process of backing up BitLocker recovery keys to Active Directory or Azure Active Directory using CW RMM.
Group of machines where "BitLocker Key Backup" is enabled.
Group of machines where BitLocker Key Backup Failed.
This custom field display the most recent result after pushing the BitLocker recovery keys into AD/AzureAD.
Group of machines where BitLocker Key Backup Successful.
Group of machines where BitLocker Key was not found.
This script verifies whether the device is joined to a domain or Azure AD. For eligible devices, it attempts to back up BitLocker recovery keys to Azure AD or Local AD, depending on the join type. For each drive, it checks for RecoveryPassword protectors and tries to back up the key using the appropriate cmdlet. The output summarizes any failures, including drive letter, key substring, and platform. If all keys are backed up successfully, it reports success. If the device is not domain or Azure AD joined, or the BitLocker module is unavailable, it returns a relevant message. The output is formatted for saving into the CW RMM custom field "BitLocker Key Backup Status".
Stores BitLocker status and key information for all volumes on the device.
The solution outlines the process of auditing BitLocker encryption status and recovery keys using CW RMM with daily scheduled tasks.
This script collects BitLocker encryption details for each drive on the system using the Get-BitLockerVolume cmdlet. It summarizes the protection status, key protector types, encryption percentage, and recovery password (if available). The output is formatted as a single string suitable for saving into the Endpoint-Level custom field "BitLocker Status and Key".
Group of machines where the "BitLocker Status Audit" is enabled.
Group of machines where BitLocker is suspended.
Flag this custom field to exclude the endpoint from "BitLocker Key Backup" solution.
Flag this custom field to exclude the site from "BitLocker Key Backup" solution.
Flag this custom field to exclude the endpoint from the BitLocker Status Audit solution.
Flag this custom field to exclude the site from the BitLocker Status Audit solution.
Select Operating System to Enable BitLocker Key Backup. The output of the Key Backup will be saved into the endpoint-level custom field "BitLocker Key Backup Status".
Select the Operating System to Enable BitLocker Status Audit. BitLocker status and recovery key will be stored in the device-level custom field "BitLocker Status and Key".
This dataview shows the complete detail of the TPM of the Windows machines