anyweb

Configuring BitLocker in Intune - Part 2. Automating Encryption


It worked for me! And according to your log it worked for you too. How did you test it exactly? I tested using a Windows Autopilot enrolled device that had regular user permissions (not local admin).

Did you modify the script in any way?

No modification, delivered via Intune; the user logs on and is a standard user (Autopilot). I manually changed the time on the task so it ran, but didn't receive a prompt.

Can you do a TeamViewer session with me so I can troubleshoot it?

No email received! Who did you send it to?

OK, got it and replied.

Hi Bob,

I have two questions and I would be most appreciative if you could answer them.

Questions

1.) Do you have to have Windows Enterprise to manage BitLocker within Microsoft Intune? Or can you still manage devices with Windows Pro?

2.) If you do not want to make users administrators, but require them to accept the prompt to start encryption, will your script automate this process?

Thanks for your help.

Yours faithfully,

Layla Nicole

Hi Layla, I think your questions are for Niall, as the script was developed by Niall. However, in answer to your questions:

1. I believe you can manage Pro as well.

2. Niall's script will automate the BitLocker encryption and write recovery keys to AAD and OneDrive. It does not use the prompt that you refer to. Niall is still developing his script; you can get the original (for standard user) from the Windows Noob link on page 1.

Thanks

Hi,

I tried to run two scheduled tasks as administrator under an end-user account (non-local admin), and when I checked TriggerBitLocker.log I am getting Access Denied.

I am trying to achieve automatic BitLocker encryption through Intune policy without prompting for admin credentials.

Am I doing it correctly?

Did you look at the YouTube video showing you how to test this?

Here it is:

On 11/6/2017 at 7:41 PM, anyweb said:

Well, in my version it logs that it's deleting the scheduled task. When did you download the MSI? Perhaps you should retry the download.

Hi Niall,

Thanks for the wonderful article. I am having the same trouble as well: the scheduled task just won't delete after encryption. I have downloaded the latest MSI. The device is Azure AD joined. Any suggestions?

Cheers,

Ravi

Bitlocker log.txt

Are you using the User version of the MSI or the other one?

41 minutes ago, anyweb said:

Are you using the User version of the MSI or the other one?

Hi Niall,

Thanks for the reply. I am using the other one, the one where users have admin access.

Cheers,
Ravi

Do you have a possibility to do a TeamViewer session with me so that I can see how you are testing this?

On 7/4/2018 at 4:38 AM, anyweb said:

Do you have a possibility to do a TeamViewer session with me so that I can see how you are testing this?

Hi Niall,

Thanks mate. I think I messed up somewhere on my end; I've been retracing my tracks for the last hour. Hopefully I'll get some time to test over the next couple of days.

Cheers,
Ravi

Hi Niall,

None of the download links are working. Could you please share a download link for the MSI file which works with a standard (non-admin) user? I tried to download them from the link but it says not available.

Regards,

Sanjay Santoki

Hi Sanjay, I just tried and both downloads work fine. They do not work for non-registered users, which may have been the case for you when you tried to download them.

Please retry, now that you are a member.

Cheers,

Niall

I am getting a message using the USER BitLocker trigger on an account that has no admin access, after we have to manually reboot:

BitLocker could not be enabled

The BitLocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken. If this computer does not have a TPM, verify that the USB drive is inserted and available.
C:\ was not encrypted.

What else can we try in order to make this work?

Was the TPM enabled?

Hello Niall,

I am trying this automation process. I was able to push the MSI file to the hybrid Azure AD joined computer successfully. Logged in with a non-admin user. The task was scheduled at 2:00 PM (I edited this task to run for the test). At the scheduled time, the task ran and successfully backed up the BitLocker drive encryption recovery information. But:

1. It didn't prompt me to restart. When I checked the status I got the attached info. I also attached the log.

2. I restarted manually, and the encryption didn't start.

Can you provide me the latest version of this MSI which I can use to deploy encryption on a non-admin user computer?

Encryption Status.PNG

TriggerBitLocker.log.txt

Hi, the MSI attached to this blog post is the latest I have available.

Did you see my testing video here?

Hello, the links to the MSI seem to be unavailable.

NVM: didn't realise you had to be registered to get the downloads.

Edited by Swiftzn
I am a bit silly

I seem to be having an issue with this script (I have tried both the user one and the admin one).

Our use case might be slightly different.

I keep getting the following error:

"Error while setting up AAD Bitlocker, make sure that you are AAD Joined and are running cmdlet as an admin: Cannot bind argument to parameter 'Path' because it is null."

Now, this is only when I try to run the script via Task Scheduler or via PowerShell ISE (admin mode).
When I run the parts of the script that push the key to AAD, it works just fine and the recovery key shows up.

The difference in our use case is that we normally set up a local account with MDM enabled and a work account connected.

Any help on fixing this?

**EDIT**

So I have looked through the code, and at line 100 I have made a couple of changes with brackets and I think I have a working version now. Could you take a look and confirm I am not crazy?

Edited by Swiftzn
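An added preflight and key-backup example in PowerShell, not Niall's script or code posted in this thread, covering the two failure modes reported above (the "TPM is enabled and ownership has been taken" error, and the null argument when the recovery key is pushed to AAD). Function names and the C: mount point are assumptions; it is meant to run elevated, e.g. as SYSTEM from the scheduled task.

```powershell
# Added example (not the thread's script): check the prerequisites the thread's
# errors point at before triggering encryption, then back up a recovery-password
# protector to Azure AD without ever passing $null into the backup cmdlet.

function Test-BitLockerPrereqs {
    param([string]$MountPoint = 'C:')   # assumed OS volume

    # TPM must be present and ready (enabled, activated, owned); otherwise
    # Enable-BitLocker fails with "The BitLocker encryption key cannot be obtained".
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        throw "TPM not ready: Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady) Owned=$($tpm.TpmOwned)"
    }

    # Azure AD join state, parsed from dsregcmd output (no cmdlet exposes it directly).
    $aadJoined = (dsregcmd /status) -match '^\s*AzureAdJoined\s*:\s*YES'
    if (-not $aadJoined) { throw 'Device is not Azure AD joined; key backup to AAD will fail.' }

    return Get-BitLockerVolume -MountPoint $MountPoint
}

function Backup-RecoveryKeyToAAD {
    param([string]$MountPoint = 'C:')

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'

    # Guard against the null-argument error: create the recovery password protector
    # if the volume has none yet, instead of calling the backup cmdlet with $null.
    if (-not $rp) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }

    foreach ($p in $rp) {
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
    }
    return $rp.KeyProtectorId
}

# Usage: run the checks first; only then add the TPM protector. Encryption of the
# OS volume starts after the next reboot, which is the prompt the thread discusses.
$vol = Test-BitLockerPrereqs
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint 'C:' -TpmProtector -EncryptionMethod XtsAes256 -SkipHardwareTest
}
Backup-RecoveryKeyToAAD
```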
