/build/static/layout/Breadcrumb_cap_w.png

Kace Script to set PIN on boot for Bitlocker

I am looking for a script to enable a boot PIN on a computer that has Biltlocker enabled.  I think this would be useful to use in conjunction with KACE to lock down a laptop that may be off site.  Over the years I have had a couple of instances where some employees "forgot" they still had a company laptop at home when they left and we would like to make sure no company data can be accessed. 

Asked 5 years ago 961 views
0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: Ziggi 5 years ago
Blue Belt
0

Top Answer

$pass = ConvertTo-SecureString "Password" -AsPlainText -Force
Enable-BitLocker -MountPoint C: -Password $pass -PasswordProtector -SkipHardwareTest
Add-BitLockerKeyProtector -RecoveryPasswordProtector -MountPoint C:


I use this for my Startup Password to Automate from the KACE SDA.


I think you can just change from password to -TpmAndPinAndStartupKeyProtector


$PIN = ConvertTo-SecureString "PIN" -AsPlainText -Force
Enable-BitLocker -MountPoint C: -TpmAndPinAndStartupKeyProtector $PIN
Add-BitLockerKeyProtector -RecoveryPasswordProtector -MountPoint C:

This should help ^

Comments:
  • Enable-Bitlocker line still prompts for PIN - JordanNolan 5 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ