

anyweb

Configuring BitLocker in Intune - Part 2. Automating Encryption


It worked for me! And according to your log it worked for you too. How did you test it exactly? I tested using a Windows Autopilot enrolled device that had regular user permissions (not local admin).

 

Did you modify the script in any way?



No modification, delivered via Intune, user logs on and is a standard user (Autopilot). I manually changed the time on the task so it ran but didn't receive a prompt.


Can you do a TeamViewer session with me so I can troubleshoot it?


No email received! Who did you send it to?


OK, got it and replied.


Hi Bob, 

I have two questions and I would be most appreciative if you could answer them.

Questions 

1.) Do you have to have Windows Enterprise to manage BitLocker within Microsoft Intune? Or can you still manage devices with Windows Pro?

2.) If you do not want to make users administrators, but require them to accept the prompt to start encryption, will your script automate this process?

Thanks for your help

Yours Faithfully 
 

Layla Nicole 


Hi Layla, I think your questions are for Niall, as the script has been developed by Niall. However, in answer to your questions:

1. I believe you can manage Pro as well.

2. Niall's script will automate the BitLocker encryption and write recovery keys to AAD and OneDrive. It does not use the prompt that you refer to. Niall is still developing his script; you can get the original (for standard user) from the Windows Noob link on page 1.

Thanks


Hi,

I tried to run the two scheduled tasks as administrator under an end-user account (non-local admin), and I have checked TriggerBitLocker.log and am getting Access Denied.

I am trying to achieve automatic BitLocker encryption through Intune policy without prompting for admin credentials.

Am I doing it correctly? 


Did you look at the YouTube video showing you how to test this?

Here it is

 

 

On 11/6/2017 at 7:41 PM, anyweb said:

Well, in my version it logs that it's deleting the scheduled task. When did you download the MSI? Perhaps you should retry the download.

Hi Niall, 

Thanks for the wonderful article. I am having the same trouble as well: the scheduled task just won't delete after encryption. I have downloaded the latest MSI. The device is Azure AD joined. Any suggestions?

Cheers,

Ravi

Bitlocker log.txt


Are you using the User version of the MSI or the other one?

41 minutes ago, anyweb said:

Are you using the User version of the MSI or the other one?

Hi Niall, 

Thanks for the reply. I am using the other one, one where users have admin access. 

Cheers, 
Ravi


Do you have a possibility to do a TeamViewer session with me so that I can see how you are testing this?

On 7/4/2018 at 4:38 AM, anyweb said:

Do you have a possibility to do a TeamViewer session with me so that I can see how you are testing this?

Hi Niall, 

 

Thanks mate. I think I messed up somewhere on my end, been retracing my tracks for the last hour. Hopefully I'll get some time to test over the next couple of days.

 

Cheers, 
Ravi 


Hi Niall,

 

None of the download links are working. Could you please share a download link for the MSI file which works with a standard (non-admin) user? I tried to download them from the link but it says not available.

 

Regards,

Sanjay Santoki


Hi Sanjay, I just tried and both downloads work fine. They do not work for non-registered users, which may have been the case for you when you tried to download them.

Please retry, now that you are a member.

cheers

 

niall


I am getting a message using the USER bitlocker trigger on an account that has no admin access after we have to manually reboot.  

Bitlocker could not be enabled 

The Bitlocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken. If this computer does not have a TPM, verify that the USB drive is inserted and available.
C:\ was not encrypted.
 
What else can we try in order to make this work?


Was the TPM enabled?
