PowerShell to pull BitLocker Encryption status
1) enable PSremoting on all laptops --best way is via GPO or any other way to do it?

If you are dealing with domain computer, then yes, GPO is the way to go

2) I want to run this on a few hundreds laptops so I don't want to manually enter my credentials

Change this:

[system.Management.Automation.PSCredential]$Credential

to this:

[system.Management.Automation.CredentialAttribute()]$Credential

Also, your invoke-command line has a typo:

$Obj = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ScriptBlock $Scope

So all that aside, manage-bde has a -cn parameter for remote computers, so Invoke-Command may not be necessary.
I found two scripts to get BitLocker Encryption status but my challenges are
1) enable PSremoting on all laptops --best way is via GPO or any other way to do it?
2) I want to run this on a few hundreds laptops so I don't want to manually enter my credentials

Function Get-OSCBitlockerStatus
{
    param
    (
        [Parameter(Mandatory = $False, Position = 0)]
        [String[]]$ComputerName,
        [Parameter(Mandatory = $False, Position = 1)]
        [String]$FilePath,
        [Parameter(Mandatory = $False, Position = 2)]
        [system.Management.Automation.PSCredential]$Credential
    )

    If($ComputerName)
    {
        Foreach($CN in $ComputerName)
        {
            GetStatus -ComputerName $CN
        }
    }
    ElseIf($FilePath)
    {
        #Get content from the file
        If(Test-Path -Path $FilePath)
        {
            $CNCol = Get-Content -Path $FilePath
            Foreach($CN in $CNCol)
            {
                GetStatus -ComputerName $CN
            }
        }
        Else
        {
            Write-Error "Find the specified...
This topic first appeared in the Spiceworks Community
Similar Messages
-
Problems with Comodo Kill Switch, Windows Services & Bitlocker Encryption on Asus N56VZ
Hi All,
So recently I found myself stuck in a different scenario than before, and after many hours researching and efforts to fix this I still find myself stuck yet with a few options still to fix.
What is the problem?
So as a security cautious user when I first got to Windows 8.1 Pro 64Bit I encrypted both the C and D drive (Split the main disk) to protect myself and my family. Unfortunately that has not been very helpful with the way in which booting and running from either external USB devices or CD/DVD works, not allowing myself to at all.
My usual security suite I use is Comodo Internet Security, which additionally comes with Comodo Kill Switch. Whilst using the application instead of stopping one of the TCP connections I was meant to I accidentally stopped a Windows Explorer connection.
For some reason since then Windows Explorer, nor most windows apps or services themselves will run. For example msconfig will run but sfc /scannow or mmc will not, whether in safe mode or normal mode.
What Caused the Problem?
Cannot 100% say
What I Think Caused the Problem?
Myself running Comodo Kill Switch stopping a vital server connection with Windows Explorer that messed up a lot. Or a potential Virus unknown how cannot fully scan system as won't boot externally or run many apps.
Additional Info
Asus Webcam is Disabled on Purpose
Laptop was fully customized to run latest games full graphics minus Anti Aliasing, works with Evolve + CoD Advanced Warfare
Laptop does not boot if USB Keyboard plugged in, works with everything else normal (had this on other systems no problem for me)
Ask me for more info if required to add here, braindead again
Specifications of my system
Intel® Core™ i7 3610QM Processor
Windows 8.1 Pro 64Bit
Intel® HM76 Chipset
DDR3 1600 MHz SDRAM, 2 x SO-DIMM 8GB
15.6" HD (1366x768)/Full HD (1920x1080)/Wide View Angle LED Backlight
NVIDIA® GeForce® GT 650M with 2GB DDR3 VRAM
1TB 5400RPM OR 750GB 5400/7200RPM (Cannot remember off top of head, braindead)
Super-Multi DVD
Kensington lock (Security Feature)
LoJack (Security Feature)
BIOS Booting User Password Protection (Security Feature)
HDD User Password Protection and Security (Security Feature)
Pre-OS Authentication by programmable key code (Security Feature)
What Can Run and Won't Run?
ON BOOT:
Bitlocker Encryption Password & Advanced Settings are accessible
Bios (password protected) is accessible
Windows Recovery Mode is accessible (Think it is F9 or F10)
Windows Logon Password Screen is accessible
ON NORMAL/SAFE-MODE START UP:
After Log-In Windows Explorer will not run
Task Manager will run, also allows me to browse the files when trying to start new task
Can run Command prompt
Cannot run any control panel items
Cannot run services.msc
Cannot run mmc
Cannot run sfc
Every time it mentions windows drive is locked
Start errors when running certain applications (Will post codes soon)
Rufus USB Tool does run
Cannot boot Kali Linux off USB
Cannot boot Windows 8.1 off USB
Cannot boot Windows 8.1 off DVDRW
Fixwin2 will not run
Apps either work or don't whether in safe mode or normal
Cannot use Windows Installer
What Fixes I Have Tried So Far
Ok so like any normal user I don't want to lose my files. So here are what I have tried so far:
Repair MBR (Repair Completed, No Luck)
SFC /SCANNOW (Returns Error 'Windows Resource Protection could not start the repair service')
Tried sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows (Could not access drive)
Fixwin2 (Will not run in either normal or safe mode)
Booting using Windows 8.1 via USB (Cannot boot from external devices due to Bitlocker Encryption)
Booting using Kali Linux Via DVD & USB (Cannot boot from external devices due to Bitlocker Encryption)
How do I know it is because of Bitlocker, because last time I disabled it, I could run from external devices
Tried to run bitlocker to change settings (Will not run)
Have used both password and recovery keys to unlock drive, they work but when applications are running on windows the drive is still locked?
Tried windows Automatic Diagnostic and Repair (Could not repair anything, did make a log I am still to extract from the system)
There are No System Restore Points
I'm sure there is much more information I could post however I will leave it on an ask to know basis, apart from the log files and further information to gather. Below is my list of trial and error fixes to try for today (need more ideas and help please!):
Hiren's 15.2 Boot CD via DVD (NOT ABLE TO BOOT)
Hiren's 15.2 Boot CD via USB (NOT ABLE TO BOOT)
Research into the Bios and Possible Update in-case of implementation of Virus, can access flash utility (STILL NOT TESTED)
Try and get a portable version or a working version of windows installer to try and re-install Comodo Internet Security (STILL NOT TESTED)
Another way to disable Bitlocker
Anti-Malware / Anti-Virus Scan If Possible to Run One
Bitlocker Repair Tool, will try this also
I have posted this as have not found much info online, usually find it and crack on but this time things are a little more tricky, my priority task I really need to do is remove the Bitlocker Encryption, but if the application will not run... what do I do then?
Thanks for your time reading all, Sorry for any poor formatting or spelling.
Update 1: MMC.exe Error Code
Ok so now have the computer in safe mode, still same as before, no explorer.exe, no services etc... Just went into the Task Manager > Services (Tab) > Open Services (Option at bottom)
This is the error I get:
'The Instruction at 0x785a746c referenced memory at 0x000000a8. The memory could not be read.'
Any Ideas on what this error is and why?
Update 2: CHKDSK Works with no Fix
Update 3: Hiren's 15.2 Boot CD - USB Boot still no luck booting around Bitlocker Encryption
Just to explain again, I already have unlocked the drive with correct bitlocker password or recovery key yet the drive remains locked not allowing windows refresh of files of complete install from the windows recovery menu as keeps saying drive is locked
Ok so attempt number two to write this update via bloody phone! (Just refreshed page whilst writing!)
Update 4:
Problem - cannot run from bootable devices (DVD/USB)
Cause - bitlocker fully encrypted drive stops this working
Repair -
Boot up holding F9 to enter windows recovery
Input Bitlocker recovery keys to unlock drives
Navigate to Command Prompt in advanced settings
Execute following code:
Repair-bde c: d: -rp 000111-222333-444555-etc...
(Code found from https://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx)
Note for those using this: It is common while unlocking certain drives to get errors such as: Quote from http://www.benjaminathawes.com/2013/03/17/resolving-partial-encryption-problems-with-bitlocker/
"LOG INFO: 0x0000002a
Valid metadata at offset 8832512000 found at scan level 1.
LOG INFO: 0x0000002b
Successfully created repair context.
LOG ERROR: 0xc0000037
Failed to read sector at offset 9211592704. (0x00000017)
LOG ERROR: 0xc0000037
Failed to read sector at offset 9211593216. (0x00000017)
…followed by around 20 similar entries that differed only by the offset value"
Repair Status for Update 4: COMPLETED - However over wrote D drive data so now need to recover that
Problem 2 - windows services corrupted along with windows files
Cause - Unknown
Repair -
wait until system is fully decrypted
Once fully decrypted ensure boot from USB/DVD
Re-do fixes that would not work before if this has fixed boot issue
Confirm fix / update post
Hope anything I put here helps others also
-
Alright, I am stumped. I have looked at nearly every article on this error here at Technet and other sites:
An error occurred while sending encryption status data.
Error code:
0x803d0013
Details:
A message containing a fault was received from the remote endpoint.
First, I am testing this. I have copied the MDOP ADMX/ADML files directly to the client I am testing this on, and I am applying the policy via the Group Policy Management on the local machine. I am not deploying this via the domain. I wouldn't think that would make a difference, but please let me know if I am wrong.
I have performed the following:
1. (DisableMachineVerification) in MBAM registry as is in this article http://support.microsoft.com/kb/2612822
2. On the MDOP group policy I have enabled:
I. Client Management
A. Configure MBAM Services
B. Configure user exemption policy
II. Fixed Drive
A. Fixed data drive encryption settings
B. Choose how BitLocker-protected fixed drives can be recovered
III. Operating System Drive
A. Operating system drive encryption settings
B. Choose how BitLocker-protected operating system drives can be recovered
IV. Removable Drive
A. Control use of BitLocker on removable drives
3. On the MBAM Administration Server AD object, enable the “Trust for delegation for any service (Kerberos Only) option”, under the Delegation tab. Also, the user has been granted delegation privileges for all of the services on the server.
4. SPN Records have been created for the server
5. HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement
Change the ClientWakeUpFrequency = 1 and StatusReportingFrequency=1
Create a dword value “NoStartupDelay” under HKLM\Software\Microsoft\MBAM and set its value to 1.
Also, I did not encrypt my drive with MBAM. It was encrypted before hand. Is there anything I can check or do? The event logs on the MBAM server under MBAM-Web don't show anything under Admin or Operational.
I think my KeyRecoveryServiceEndPoint and StatusReportingServiceEndpoint URLs are correct:
https://mbam01.domainname.com:443/MBAMRecoveryAndHardwareService/CoreService.svc
https://mbam01.domainname.com:443/MBAMComplianceStatusService/StatusReportingService.svc
I even think there was a registry key to make the hardware compatible, but I don't remember which key it was, as I uninstalled and reinstalled, and don't remember where I found that on the forums.
Any suggestions?
If you have made changes to the web.config files to accommodate the SSL settings, you will not be able to browse the URLs with the http protocols. The URLs will then only work with the https protocols.
Could you please confirm the login created for the particular local groups with the following permission:-
For MBAM Compliance Auditing DB Access:-
User Mapping – MBAM Compliance Status
DB Role Membership – ComplianceWriteRole
Server Roles – Public
For MBAM Recovery and Hardware DB access:-
User Mapping – MBAM Recovery and Hardware
DB Role Membership – RecoveryandHardwareReadRole, RecoveryandHardwareWriteRole
Server Roles – Public
Make sure the MBAM Computer account (MBAM Web Server) is a member of these two groups.
Gaurav Ranjan -
BitLocker Encryption ToGo; Decryption Issue.
I currently have a USB drive that has been partially encrypted with BitLocker Encryption, but will not allow me to unlock it. I have looked for many resources on solving this issue, but have decided to post my details.
I am running Windows 7 Enterprise. I have the Password and I have a FIPS-140-2 compliant Recovery Key. All of my USB drives have the FAT32 file system. I do not have a TPM or Smart Card, but I do have the 256 bit FVE key. I have not tried unlocking on another computer with BitLocker Encryption.
First of all i successfully encrypted one USB drive with no issues and stored the key on another USB drive. Next I encrypted a hard disk drive and stored the key on the same USB drive. Next i begun encrypted the USB drive that had the keys stored on it,
but realized i had to have had encrypt another drive first so I stopped the encryption at about 4%, by closing BitLocker. I realize this is where i must have gone wrong, because i stopped the encryption algorithm as it was already started. BitLocker took awhile
to close so i assumed it reversed encrypted what it had already encrypted. I then encrypted the other drive and stored the key on the USB drive with the keys on it. According to a BitLocker policy the keys encrypt each other and become chained together, but
this may not be relevant to the issue. I resumed the encryption process of the partly encrypted USB drive and stored the key on an entirely separate and not yet encrypted USB drive and this seemed to complete with no issues. Then i encrypt the final USB drive
and stored the key on a non encrypted hard disk.
Now the problem I am having is when I attempt to unlock the USB drive with the keys on it. The drive unlocks, but then unmounts itself and asks for the password again and this ends up being an endless loop. I decide to decrypt all drives in the order i encrypted
them and there appears to be no issue except for with the USB drive with most of the keys on it. I am unable to unlock and decrypt the USB with the keys on it so i skip this drive in the process and I am able to fully decrypt the rest of the drives using the
keys stored on the "broken" encrypted drive regardless of skipping decrypting it. If I attempt to decrypt or unlock the USB drive with the keys on it I can not, so I tried rebooting. Now when I attempt to unlock the drive using the password through
the BitLocker Encryption Manager the manager seems to freeze and goes into a non responsive mode and I am unable to close it, even after safely removing the USB drive.
I have tried a few different methods to solve this issue, but fear that without manually decrypting every single bit exactly how they were encrypted the data may be lost.
I use an elevated command prompt to use the standard "manage-bde d: -unlock -pw" and then enter the password, but this seems to only unlock the drive momentarily before it unmounts itself.
I have also tried using "manage-bde d: -unlock -recoverykey '[recoverykey/path].bek'", but this shows the same behavior.
I have also tried using "repair-bde d: e: -recoverykey '[recoverykey/path].bek'" and the command prompt says "Error: Cannot open 'D:'. Check that it is not currently in use. To continue even when the volume is in use, add the -Force option.".
Not using the "-Force" parameter allows me to access the drive as if it isn't locked, but only lets me see the "COV 0000. ER" and other BitLocker ToGo autorun files, while not letting me modify or copy the "COV 0000. ER" file.
I am able to view the "COV 0000. ER" file with a hex editor, but do not want to have to screen capture every screen worth of characters to attempt to manually decrypt the entire two gigabytes of information, while still not knowing exactly what timestep
the encryption algorithm actually stopped at.
If I use "repair-bde d: e: -recoverykey '[recoverykey/path].bek'" again or use the "repair-bde d: e: -recoverykey '[recoverykey/path].bek' -force" the drive seems to respond and starts scanning for BitLocker metadata, and boot sectors.
I am then prompted "LOG INFO: 0x00000027", "Valid metadata at offset 579055616 found at scan level 1.", "LOG INFO: 0x00000028 Successfully created repair context. Beginning decryption". The "d:" USB drive is approximately
two gigabytes, while the "e:" is approximately eight gigabytes. This then does from 1% to 99% without any issues. As the decryption process hits 99%, I am prompted with a popup "repair-bde.exe - Wrong Volume", "The wrong volume is
in the drive. Please insert volume into drive \Device\Harddisk2\DR8", "Cancel: Try Again: Continue" and the encrypted USB unmounts itself again and asks for the password through the BitLocker Drive Encryption Manager. No matter which of the
three choices I select the command prompt then says "LOG ERROR: 0xc0000035 Failed to read sector at offset 2000010000. <0x00000002>" and repeats until it hits "2015160832" and then says "Decrypting: 100% Complete. Finished decryption.
ACTION REQUIRED: Run 'chkdsk D: /f' before viewing decrypted data. Now I still have the USB drive with the keys on it, but it remains locked, but now the eight gigabyte USB drive I used as "e:" is seen as a "RAW" filesystem under "Disk
Management", but "FAT32" under "My Computer". If i try to open "e:" I am prompted to format the drive before using it. If I use "RUN" to attempt to check the disk for errors in "read-only mode" the drive
is detected as if it was the "NTFS" file format, but does not seem to have any errors.
If I choose to format the USB drive "e:" I am able to use it, but it appears blank. Using third party recovery software I am able to retrieve some of the data from the partition, which was on "d:", but it appears to be partly decrypted
still or possibly fragmented. I realize this step isn't because of BitLocker and may be due to the software used to retrieve the information.
I am able to repeat this temporarily unlocking of "d:" and attempting to recover process over and over, while still getting the same result.
Another interesting note is, when I use "manage-bde -status", when the drive is locked I can see that the encrypted drive "d:" is still protected with a password and external key. If I use "repair-bde d: e: -recoverykey '[recoverykey/path].bek"
to temporarily unlock the drive and then use "manage-bde -status" the drive "d:" reads the status as "Size: 1.88 GB, BitLocker Version: None, Conversion Status: Fully Decrypted, Percentage Encrypted: 0%, ERROR: An error occurred <code
0x80070057>:, The parameter is incorrect.".
Also when the USB drive is temporarily unlocked using "repair-bde d: e: -recoverykey '[recoverykey/path].bek" and I use "manage-bde d: -off" I am prompted "ERROR: An error occurred <code 0x80310008>: BitLocker Drive Encryption
is not enabled on this drive. Turn on BitLocker.". If I use "manage-bde d: -on" the USB drive is detected by BitLocker as having no name, as expected, but also "ERROR: An error occurred <code 0x8031002e>: BitLocker Drive Encryption
cannot encrypt the specified drive because an encryption key is not available. Add a key protector to encrypt this drive." If I use "manage-bde d: -on -recoverykey '[recoverykey/path].bek'" then BitLocker detects the drive, but prompts "Key
Protectors Added: ERROR: An error occurred <code 0x8031002d>: The drive encryption algorithm and key cannot be set on a previously encrypted drive. To encrypt this drive with BitLocker Drive Encryption, remove the previous encryption and then turn on
BitLocker."
If I use "manage-bde d: -protectors -disable" I am prompted "ERROR: An error occurred <code 0x8031002d>: The drive encryption algorithm and key cannot be set on a previously encrypted drive. To encrypt this drive with BitLocker Drive
Encryption, remove the previous encryption and then turn on BitLocker.", but if I use "manage-bde d: -protectors -enable" I am prompted "ERROR: An error occurred <code 0x80310001>: This drive is not encrypted.".
A review of my issue is that I have a BitLocker Encrypted USB Drive, which will not allow me to unlock it no matter how i attempt to do it. I end up with the USB drive automatically unmounting itself when I try to unlock it and this will not allow me to
decrypt it.
Thank You in advance for taking the time and consideration to fully understand and read my post. I would have went to the Microsoft professional support hotline, but it would have cost about $250.00 for me to attempt to explain this very large amount of
text that I had to proof read and edit.
I believe I have stated all the information that is relevant to the issue I am having and I would appreciate any help that would help me resolve my problem decrypting the information, without the need to manually decrypt every single bit or using an at least
128 D-Bit quantum computer, "Qumputer".
I have considered these resources already, but am willing to reconsider them if i missed something.
BitLocker Drive Encryption Overview: http://technet.microsoft.com/en-us/library/cc732774.aspx
Manage-DBE: http://technet.microsoft.com/en-us/library/ff829849.aspx
Windows BitLocker Drive Encryption Frequently Asked Questions: http://technet.microsoft.com/en-us/library/cc766200%28v=ws.10%29.aspx (I haven't completely read everything, but skimmed through for what i thought may have been relevant.)
Scenario 14: Using a Data Recovery Agent to Recover BitLocker-Protected Drives (Windows 7): http://technet.microsoft.com/en-us/library/ee424312%28WS.10%29.aspx (This might have worked but I don't have a smart card and I didn't already have the
recovery agent set up in group policies before I started encrypting.)
Scenario 16: Using the BitLocker Repair Tool to Recover a Drive: http://technet.microsoft.com/en-us/library/ee523219%28WS.10%29.aspx
Hi,
Did you remember clear which one store in which one? It's so complex on your description.
Have you tried to recover the drive which the most key stored in it by non encrypted hard disk that stored in the USB drive key?
If it still failed, i would like to suggest you contact the professional data recovery center for help.
Note: It's not recommended that you use third party software to recover, since your data might be lost because of some fault.
Karen Hu
TechNet Community Support
Sorry i tried to explain my situation as thoroughly as possible without having to take screen captures of each step of the process.
I have written down what keys were stored where, so there shouldn't be any chance of mixing up the keys. I have also attempted to recover using a different key. Possibly using a different key causes the drive to attempt to decrypt with the wrong algorithm
and actually encrypting the data even more, but this doesn't seem to be the case because it just fails and goes back into the state it was in.
Also how would one get a hold of the professional data recovery team. Them being "professionals" i would assume their services are not free, but i may be mistaken.
Also I will not attempt to use "third party software" again, but I was just getting desperate and that is why I tried it on the partition of the backup, which appears to be blank anyways. This isn't relevant to the issue at hand though.
I know encryption isn't 100% non reversible no matter how large of the keys and algorithms are, so there should always be a way to decrypt. -
Tips or Improvements for my Bitlocker Encryption Test Script
Hi Guys,
I just finished a little script to check if a drive is encrypted with Bitlocker. I wanted to post it here to see if anyone had some constructive criticism.
Here you go:
$computer = Import-Csv C:\scripts\bitlock3.csv
$namespace = "root\CIMV2\Security\MicrosoftVolumeEncryption"
Foreach ($line in $computer) {
    # Query the BitLocker WMI provider on the remote computer
    $a = gwmi -Class Win32_EncryptableVolume -ComputerName $line.comp -Namespace $namespace
    $BitStat = $a.ProtectionStatus
    If ($BitStat -eq 1) { Write-Host $line.comp "is encrypted" }
    Else { Write-Host $line.comp "is NOT encrypted" }
}

You're very welcome.
This adjustment removes all Write-Output statements and replaces them with a hashtable of the computer name and encryption status. Objects are created from those hashtables, they're then sorted by status to have 'NOT Encrypted' appear at the top of the output
CSV, and then sorted by computer name (just a habit of mine):
$namespace = 'root\cimv2\Security\MicrosoftVolumeEncryption'
Import-Csv C:\Scripts\bitlock3.csv | ForEach-Object {
    # Each CSV row is an object; the computer name is in its 'comp' column
    $computerName = $_.comp
    try {
        $status = Get-WmiObject -Class Win32_EncryptableVolume -ComputerName $computerName -Namespace $namespace -ErrorAction Stop
        if ($status.ProtectionStatus -eq 1) {
            $props = @{
                ComputerName = $computerName
                Status = 'Encrypted'
            }
        } else {
            $props = @{
                ComputerName = $computerName
                Status = 'NOT Encrypted'
            }
        }
    } catch {
        # Inside catch, $_ is the error record for the failed query
        $props = @{
            ComputerName = $computerName
            Status = "ERROR - $_"
        }
    }
    New-Object PsObject -Property $props
    # One Sort-Object call with two keys: Status descending, then ComputerName ascending
} | Sort-Object -Property @{ Expression = 'Status'; Descending = $true }, ComputerName |
    Export-Csv .\bitlockerStatus.csv -NoTypeInformation
Don't retire TechNet! -
(Don't give up yet - 12,830+ strong and growing) -
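An added example, not code from either thread: the check above, like the Get-OSCBitlockerStatus question at the top of the page, reduces each computer to one encrypted/not-encrypted flag, which hides unprotected data volumes and volumes that are encrypted but have protection suspended. This sketch reports every volume separately from the same Win32_EncryptableVolume class; the function name Get-FleetBitLockerStatus and the Compliant column are names introduced here, and it assumes Windows PowerShell 5.1 running under an account that already has administrative rights on the targets, so no credential prompt is involved.

```powershell
# Added example: per-volume BitLocker report for a list of computers.
# Assumes Windows PowerShell 5.1 (Get-WmiObject) and an account with admin rights on the targets.
function Get-FleetBitLockerStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    begin {
        $namespace = 'root\cimv2\Security\MicrosoftVolumeEncryption'
        # Value meanings documented for Win32_EncryptableVolume
        $protectionText = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Unknown (volume locked)' }
        $conversionText = @{
            0 = 'FullyDecrypted';       1 = 'FullyEncrypted'
            2 = 'EncryptionInProgress'; 3 = 'DecryptionInProgress'
            4 = 'EncryptionPaused';     5 = 'DecryptionPaused'
        }
    }
    process {
        foreach ($computer in $ComputerName) {
            try {
                # PacketPrivacy encrypts the DCOM traffic that carries the query
                $volumes = @(Get-WmiObject -Class Win32_EncryptableVolume -Namespace $namespace `
                        -ComputerName $computer -Authentication PacketPrivacy -ErrorAction Stop)
                if ($volumes.Count -eq 0) { throw 'No encryptable volumes returned' }

                foreach ($volume in $volumes) {
                    # GetConversionStatus() tells "encrypted on disk" apart from "protection on"
                    $conv = $volume.GetConversionStatus()
                    [pscustomobject]@{
                        ComputerName     = $computer
                        DriveLetter      = $volume.DriveLetter
                        Protection       = $protectionText[[int]$volume.ProtectionStatus]
                        Conversion       = $conversionText[[int]$conv.ConversionStatus]
                        PercentEncrypted = $conv.EncryptionPercentage
                        # Compliant only when fully encrypted AND protectors are active
                        Compliant        = ($volume.ProtectionStatus -eq 1 -and $conv.ConversionStatus -eq 1)
                        Error            = $null
                    }
                }
            }
            catch {
                # Unreachable host, access denied, or BitLocker provider missing:
                # record it as a row so the machine does not silently drop out of the report
                [pscustomobject]@{
                    ComputerName     = $computer
                    DriveLetter      = $null
                    Protection       = $null
                    Conversion       = $null
                    PercentEncrypted = $null
                    Compliant        = $false
                    Error            = $_.Exception.Message
                }
            }
        }
    }
}

# Usage with the CSV from the thread (column 'comp'); non-compliant rows sort first:
# Import-Csv C:\scripts\bitlock3.csv | ForEach-Object { $_.comp } |
#     Get-FleetBitLockerStatus |
#     Sort-Object Compliant, ComputerName |
#     Export-Csv .\bitlockerStatus.csv -NoTypeInformation
```

A volume that shows Conversion = FullyEncrypted with Protection = Off is encrypted with its protectors suspended, so the key is exposed on disk and the row is reported as non-compliant.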
PowerShell Script to enable encryption
Hi All,
I am hoping I can get some assistance. I am looking to create a script that will do following:
1. Enable Encryption
2. Backup Encryption Key and/or TPM Data to specific location and specific file name: ex: Computer Name or FQDN
Is this possible?
There's the Bitlocker cmdlets, like Enable-Bitlocker. See
https://technet.microsoft.com/en-us/library/jj649829.aspx
This appears to encrypt drive when not encrypted already (or resume encryption when currently paused, as it states there).
About writing key protector to a text file:
http://blogs.technet.com/b/leoponti/archive/2013/08/17/powertip-use-powershell-to-write-bitlocker-recovery-key-to-text-file.aspx
Have not tried this myself though. -
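An added example of the two steps asked for in this thread, written for this page and not taken from the linked articles: it creates the recovery password, writes it to a file named after the computer, and only then starts encryption, so a failed backup never leaves a drive encrypted without an escrowed key. The function name Enable-BitLockerWithEscrow and the share path are hypothetical; the BitLocker and TPM cmdlets are the ones that ship with Windows 8 / Server 2012 and later.

```powershell
#Requires -RunAsAdministrator
# Added example. Enable-BitLockerWithEscrow and the share path are hypothetical names.
function Enable-BitLockerWithEscrow {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$MountPoint = $env:SystemDrive,

        # Placeholder, e.g. \\fileserver.example\BitLockerKeys$
        # Give computer accounts create/write only on this share, no read or list.
        [Parameter(Mandatory)]
        [string]$EscrowShare,

        # Also store the recovery password in Active Directory (needs the matching GPO)
        [switch]$BackupToAD
    )

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($volume.VolumeStatus -ne 'FullyDecrypted') {
        Write-Warning "$MountPoint on $env:COMPUTERNAME is already $($volume.VolumeStatus); nothing done."
        return
    }

    # A TPM protector needs a TPM that is present and ready for use
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        throw "TPM is not present or not ready on $env:COMPUTERNAME."
    }

    if (-not $PSCmdlet.ShouldProcess("$env:COMPUTERNAME $MountPoint", 'Escrow recovery key and enable BitLocker')) {
        return
    }

    # 1. Create the recovery password. The cmdlet prints it in a warning;
    #    suppress that so it does not end up in transcripts or deployment logs.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
        -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null

    $recovery = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($recovery.Count -eq 0) { throw 'No recovery password protector was created.' }

    # 2. Escrow BEFORE encrypting. -ErrorAction Stop aborts the function if the write fails.
    $file  = Join-Path -Path $EscrowShare -ChildPath "$env:COMPUTERNAME.txt"
    $lines = foreach ($protector in $recovery) {
        "Computer: $env:COMPUTERNAME"
        "Volume: $MountPoint"
        "KeyProtectorId: $($protector.KeyProtectorId)"
        "RecoveryPassword: $($protector.RecoveryPassword)"
        ''
    }
    Set-Content -Path $file -Value $lines -ErrorAction Stop

    if ($BackupToAD) {
        foreach ($protector in $recovery) {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint `
                -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        }
    }

    # 3. Only now add the TPM protector and start encryption
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 -TpmProtector -ErrorAction Stop
}

# Usage (placeholder share):
# Enable-BitLockerWithEscrow -EscrowShare '\\fileserver.example\BitLockerKeys$' -BackupToAD
```

The text file holds the recovery password in clear text, so the share's permissions are the only thing protecting it; where Active Directory escrow is available it is the better primary store.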
My computer has Bitlocker encryption. When I plug in my iPod Shuffle to the USB port, iTunes does not recognize it. When asked to encrypt the Shuffle I say no, but still not recognized. When I encrypt it, still not recognized (even after it was restored by iTunes). Any suggestions please?
Did you find a solution?
My touch is doing the same thing. -
Is Diskpart unable to clean bitlocker encrypted Windows 8 to go installations?
Hi all.
I am aware that this is a configuration that not many of you will have, but worth a try...
I am running windows 8.1 enterprise x64 installed on a USB drive as windows to go. The USB drive is a supported one for this configuration, Kingston Data Traveller 32 GB. Also I use bitlocker to encrypt the whole drive and all works very nice.
Lately however, I wanted to restore an image backup to the drive, so I plugged it into another pc running windows 8.1 enterprise.
The imaging software however was not able to write to the drive and told me, it is in use. So I looked at explorer, but it was not even mounted, which is expected behavior with windows 8.1.
To overcome the problem, I tried to clean the drive using diskpart and this is where the question starts: Although diskpart told me that cleaning was successful, the imaging software was still not able to write to the drive! So I said, "damn
it, win8.1, what's wrong? I'll use windows 7 to replay the image to the drive!"
On windows 7 I was flabbergasted after inserting the drive: I was presented a message from bitlocker to go which asked me for the password (which I provided and which worked). I did not get that on 8.1!
Attention, the question is right here:
Why is diskpart unable to clean the drive? Why does it tell me "cleaning was successful" (and I could verify that, partitions were indeed removed) although it is obviously unable to remove the bitlocker info?
So far, my understanding of diskpart's clean command was that it completely resets the drive.
Am I right, or what did I miss? Is diskpart not supported on "windows 8.1 to go"?
I don't think diskpart will remove bitlocker encryption. To remove encryption you must use decryption method. If you have forgotten password you have to use bitlocker recovery key.
Try Bitlocker repair tool if the partition is damaged: http://www.microsoft.com/en-us/download/details.aspx?id=17294
"The BitLocker Repair Tool can assist administrators in recovering data from a corrupted or damaged disk volume that was encrypted with BitLocker."
Using the BitLocker Repair Tool to Recover a Drive
http://technet.microsoft.com/en-us/library/ee523219(WS.10).aspx
http://support.microsoft.com/kb/928201
If you have lost your password or recovery key check these
I Lost My Bitlocker Recovery Key
http://www.pcandtablet.com/windows-8-errors-and-crashes/279/i-have-lost-my-windows-8-bitlocker-key-now-i-cant-boot-how-can-i-recover-my-data.html
http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
Hetti Arachchige V Aravinda | Network & System Administrator (B.Sc, Microsoft Small Business Specialist, MCP, MCTS, MCSA, MCSE,MCITP, CCNA, CEH, MBCS) -
Hi
It says in the smsts.log file from the laptop:
Evaluating a WMI condition expression TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: root\cimv2 TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: SELECT * FROM Win32_DiskPartition WHERE DiskIndex = 0 and Index = 0 and Size = 100 TSManager 03-02-2015 13:34:58 7304 (0x1C88)
The condition for the action (Create BitLocker partition) is evaluated to be true TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: smsswd.exe /run: cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Start executing the command line: smsswd.exe /run: cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet TSManager 03-02-2015 13:34:58 7304 (0x1C88)
!--------------------------------------------------------------------------------------------! TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Expand a string: WinPEandFullOS TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Executing command line: smsswd.exe /run: cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet TSManager 03-02-2015 13:34:58 7304 (0x1C88)
Creation event received for process 7976 mtrmgr 03-02-2015 13:34:58 4564 (0x11D4)
[ smsswd.exe ] InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
PackageID = '' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
BaseVar = '', ContinueOnError='' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
ProgramName = 'cmd.exe /c bdeHdCfg.exe -target default -size 300 -quiet' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
SwdAction = '0001' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Getting linked token InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
failed to get the linked token information. It may not be available. Error 1312 InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Process ID 7976 is for process C:\Windows\CCM\smsswd.exe mtrmgr 03-02-2015 13:34:58 4564 (0x11D4)
No matching rule found for process 7976 mtrmgr 03-02-2015 13:34:58 948 (0x03B4)
Working dir 'not set' InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Executing command line: Run command line InstallSoftware 03-02-2015 13:34:58 4668 (0x123C)
Creation event received for process 7452 mtrmgr 03-02-2015 13:34:58 4564 (0x11D4)
Process ID 7452 is for process C:\Windows\system32\cmd.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Found match against RuleID LGR00188 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Creation event received for process 7940 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Tracked usage for process 7452 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 7940 is for process C:\Windows\system32\conhost.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Creation event received for process 3104 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Found match against RuleID LGR00183 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Tracked usage for process 7940 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 3104 is for process C:\Windows\system32\BdeHdCfg.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Creation event received for process 7552 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
No matching rule found for process 3104 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 7552 is for process C:\Windows\System32\vdsldr.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
Creation event received for process 7152 mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
No matching rule found for process 7552 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Process ID 7152 is for process C:\Windows\System32\vds.exe mtrmgr 03-02-2015 13:34:59 4564 (0x11D4)
No matching rule found for process 7152 mtrmgr 03-02-2015 13:34:59 948 (0x03B4)
Termination event received for process 3104 mtrmgr 03-02-2015 13:35:00 4564 (0x11D4)
Termination event received for process 7452 mtrmgr 03-02-2015 13:35:00 4564 (0x11D4)
Process completed with exit code 3231711234 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Termination event received for process 7940 mtrmgr 03-02-2015 13:35:00 4564 (0x11D4)
BitLocker Drive Preparation Tool version 6.1.7601 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
opyright (C) 2006-2008 Microsoft Corporation. InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Command line returned 3231711234 InstallSoftware 03-02-2015 13:35:00 4668 (0x123C)
Termination event received for process 7976 mtrmgr 03-02-2015 13:35:01 4564 (0x11D4)
Process completed with exit code 3231711234 TSManager 03-02-2015 13:35:01 7304 (0x1C88)
!--------------------------------------------------------------------------------------------! TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Failed to run the action: Create BitLocker partition.
Unknown error (Error: C0A00002; Source: Unknown) TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set authenticator in transport TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set a global environment variable _SMSTSLastActionRetCode=-1063256062 TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set a global environment variable _SMSTSLastActionSucceeded=false TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Clear local default environment TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Failed to run the action: Create BitLocker partition. Execution has been aborted TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set authenticator in transport TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Failed to run the last action: Create BitLocker partition. Execution of task sequence failed.
Unknown error (Error: C0A00002; Source: Unknown) TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Set authenticator in transport TSManager 03-02-2015 13:35:01 7304 (0x1C88)
Termination event received for process 6188 mtrmgr 03-02-2015 13:35:03 4564 (0x11D4)
Termination event received for process 7552 mtrmgr 03-02-2015 13:35:06 4564 (0x11D4)
Task Sequence Engine failed! Code: enExecutionFail TSManager 03-02-2015 13:35:07 7304 (0x1C88)
**************************************************************************** TSManager 03-02-2015 13:35:07 7304 (0x1C88)
Task sequence execution failed with error code 80004005 TSManager 03-02-2015 13:35:07 7304 (0x1C88)
Hi Jason
See below. The problem is that on some of our laptops not anywhere geographically close to our IT department, the laptop has been set up with 2 partitions and on some only with 1 partition (we used another deployment system 2 years ago), so I am trying to prepare all our corporate laptops for BitLocker encryption. The reason why I made this task sequence was to hit all those laptops that are not being reinstalled / installed again in the near future.
Do you have any suggestions? Would it help to remove the cmd.exe /c in front of the BitLocker cmd line?
We have tried the MBAM solution, but in my opinion there are too many problems with the MBAM client.
-
I am confused why their Protocol Encryption Status values are different from each other; they are all using AnyConnect client v2.5.
user 1 - AnyConnect-Parent SSL-Tunnel RC4
user 2 - AnyConnect-Parent SSL-Tunnel DTLS-Tunnel RC4 AES128
user 3 - Clientless SSL-Tunnel DTLS-Tunnel (this user is using an AnyConnect client, but when she connects her status shows Clientless)
The 17" MBP has an extra USB 2.0 port and also comes with a FireWire 800 port.
As far as the GPUs go, they are the same: ATi Mobility Radeon X1600.
As far as the GPU-dedicated-RAM (VRAM) goes, the only difference is the amount (128MB vs 256MB). More VRAM is better if you are going to be running video intensive apps, eg. multimedia apps and/or 3D games. The VRAM is GDDR3 which provides greater bandwidth than the DDR2 technology used in the 512MB/1GB/2GB of 'main memory'.
There is, of course, the different CPU multipliers. The 1.83GHz has an 11x multiplier while the 2.00GHz has a 12x multiplier. The 2.16GHz CPU of the 17" MBP has a 13x CPU multiplier.
The Front Side Bus speed is the same 667MHz on all three models. It drops down to 167MHz at the boundary of the CPU to which is applied the above multipliers, ie:
667MHz FSB / 4 = 167MHz
167MHz x 11 = 1.83GHz
167MHz x 12 = 2.00GHz
167MHz x 13 = 2.16GHz
N.B. 167MHz is really 1000/6.
-
Backing Up Bitlocker Encrypted Disks
I'm planning to have BitLocker encrypt the hard drives on my server, but I have questions about Windows Server backups of encrypted hard drives. I use both file AND system image backups (i.e. Bare metal recovery, system state etc.), so my first question is: are those backups also encrypted? I seem to recall (though I hadn't gotten around to using it) that 2008 R2 backups were DECRYPTED (in any event, NOT ENCRYPTED), but I can't find any information about whether that's still true in 2012 R2.
I'd be grateful if someone could enlighten me about this.
Capt. Dinosaur
Hi Sharon, Thanks for your response:
"As you said it is not encrypted - Data is backed up to an ISO file and Windows Server Backup will run when volume is decrypted. In order to protect the backup, you can encrypt the target volume in the same time"
I was hoping that the output would not be encrypted, but I don't understand about it going to an ISO file. I always include a System Image (Bare Metal Recovery) in addition to the selected data files. Currently, with the disks NOT ENCRYPTED, the system image is a series of .VHDX & .XML files, and the file backups are .ZIPs. I'm not sure how an ISO file can be restored.
"If you are using BitLocker Drive Encryption to protect your server, if possible, make sure that the storage location you choose is also protected with BitLocker Drive Encryption. This will not happen automatically—it must be enabled explicitly."
I don't want the backups to be encrypted. I back up to an external HDD which is stored offsite in a fire resistant vault. I need it to be unencrypted so that in the event of a disaster (i.e. my server becomes a puddle of molten metal) I need to be able to restore to new hardware. Is that not going to work???
Capt. Dinosaur
-
Disable forced bitlocker encryption for certain USB devices
Is it possible to specify certain USB removable devices to not be Bitlocker encrypted? Example - A GPS so the user can do updates. I didn't see any way to do this via policy.
No, the reason is this, bitlocker is not going to make any difference between the devices based upon the hardware ID; it only takes the class of the device while applying the policies.
Mayank Sharma Support Engineer at Microsoft working in Enterprise Platform Support.
-
MBAM 2.0 Windows 7 clients not sending encryption status after initial encryption
I am getting the following error event under MBAM\Admin while looking for reasons for not receiving machine details under compliance reporting:
Event Id: 4
Source: MBAM
An error occurred while sending encryption status data.
Error code:
0x80041010
Details:
NULL
I have already tried all possible ways mentioned in other related forums, but without success. Can someone please help in solving this error?
Regards,
Paras
Hi Manoj,
I am also getting the Event ID:4 An error occurred while sending encryption status data.
Error code: 0x80041010
The MBAM reg key is attached. I have also confirmed my MBAM server endpoints are correct. The system partition is separate from the OS partition. The TPM is on and ownership has not been taken. The MBAM client service is running.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM]
"AgentVersion"="2.5.0244.0"
"Installed"=dword:00000001
"NoStartupDelay"=dword:00000001
Kindly advise
Thank you
-
Powershell script monitor with encrypted password
I have created a PowerShell script based monitor in my management pack and everything is OK, but I can't get my credentials to work inside the script. I want to open a PSSession to another computer with my credentials. I have triple checked that my PSSession is working because I can access it from the PowerShell console.
This works perfectly at local server from PSconsole:
$EncryptedPassword ="01000000d08c9ddf0115d1118c7a00c04fc297eb01000000534b2....etc...etc..."
$pw = convertto-securestring -String $EncryptedPassword
$cred = new-object System.Management.Automation.PSCredential -argumentlist "MyDOMAIN\MyACCOUNT",$pw
$s = New-PSSession -ComputerName "MyServer" -Port MyPort -Credential $cred
But when I run the same lines inside my management pack, convertto-securestring does nothing; it just won't convert the encrypted password to a secure string!
I have tried this plain text method and it works inside my management pack, but I don't want to use it because you can see the password in plain text:
ConvertTo-SecureString -String "myPlainTextPassword" -AsPlainText -Force
This is the $error variable, so it basically says that I don't have anything in the password secure string variable because the conversion did not work for some reason:
The argument is null. Provide a valid value for the argument, and then try running the command again. Cannot process argument transformation on parameter 'Credential'. PromptForCredential Exception calling ".ctor" with "2" argument(s):
"Cannot process argument because the value of argument "password" is null. Change the value of argument "password" to a non-null value." The system cannot find the file specified. Exception calling "SecureStringToBSTR"
with "1" argument(s): "Value cannot be null. Parameter name: s" The system cannot find the file specified. Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null. Parameter name: s"
The system cannot find the file specified.
So is there some known issue with the SCOM Agent / management pack when you are dealing with the convertto-securestring function with encrypted passwords?
I used these methods to encrypt the password: Technet article about encryption
I got it to work!
<TypeDefinitions>
<EntityTypes>
<ClassTypes>
<ClassType ID="MyClass" Accessibility="Public" Abstract="false" Base="Windows!Microsoft.Windows.LocalApplication" Hosted="true" Singleton="false" Extension="false" />
</ClassTypes>
</EntityTypes>
<SecureReferences>
<SecureReference ID="MyRunAsAccountProfile" Accessibility="Public" Context="System!System.Entity" />
</SecureReferences>
<ScriptBody>param (
[string]$Username,
[string]$Password
)
# SCOM script API object used to return the monitor state
$API = new-object -comObject "MOM.ScriptAPI"
$PropertyBag = $API.CreatePropertyBag()
# Build the credential from the Run As account values passed in as parameters
$cred = New-Object System.Management.Automation.PSCredential -Argumentlist @($Username,(ConvertTo-SecureString -String $Password -AsPlainText -Force))
$s = New-PSSession -ComputerName "myserver" -Credential $cred
# Both calls use the same session, so $service is still defined in the second one
Invoke-Command -Session $s -ScriptBlock { $service = Get-Service -Name Spooler}
$invcom = Invoke-Command -Session $s -ScriptBlock { $service.status}
Remove-PSSession -Id $s.Id
if ($invcom.Value -ne "Running") {
$PropertyBag.AddValue("State","ERROR")
$outputLongLine = "Spooler Service is not running on target server!"
$PropertyBag.AddValue("Description", $outputLongLine)
}
else {
$PropertyBag.AddValue("State","OK")
$outputLongLine = "Spooler is Running on target server."
$PropertyBag.AddValue("Description", $outputLongLine)
}
$PropertyBag</ScriptBody>
<Parameters>
<Parameter>
<Name>Username</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Domain$\$RunAs[Name="MyRunAsAccountProfile"]/UserName$</Value>
</Parameter>
<Parameter>
<Name>Password</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Password$</Value>
</Parameter> -
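A diagnostic for the failure described in the SCOM question above, added here and not part of the thread: the blob pasted in the question begins with the DPAPI header, and a string exported by ConvertFrom-SecureString without -Key can only be converted back by the same user account on the same computer, which is worth checking when the script runs under an agent's account. The function names and the sample value are constructed for illustration, and Windows PowerShell is assumed.

```powershell
# Added example (not from the thread). Reports what kind of blob a
# ConvertFrom-SecureString output is and whether the CURRENT identity can
# convert it back. Function names and the sample value are constructed.

# DPAPI blobs start with version 1 followed by the DPAPI provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} in little-endian byte order.
$DpapiHeader = '01000000d08c9ddf0115d1118c7a00c04fc297eb'

function Get-SecureStringBlobKind {
    param([Parameter(Mandatory)][string]$Blob)
    if ($Blob.StartsWith($DpapiHeader, [System.StringComparison]::OrdinalIgnoreCase)) {
        return 'DPAPI'       # bound to the user and computer that created it
    }
    return 'NotDPAPI'        # for example, exported with -Key or -SecureKey
}

function Test-SecureStringBlob {
    param([Parameter(Mandatory)][string]$Blob)
    $result = [pscustomobject]@{
        Kind      = Get-SecureStringBlobKind -Blob $Blob
        RunningAs = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        Computer  = $env:COMPUTERNAME
        Decrypts  = $false
        Error     = $null
    }
    try {
        # -ErrorAction Stop makes sure a failure is raised as an exception
        $null = ConvertTo-SecureString -String $Blob -ErrorAction Stop
        $result.Decrypts = $true
    }
    catch {
        # Keep the message so it can be logged next to the identity
        $result.Error = $_.Exception.Message
    }
    $result
}

# Round trip in the current context with a constructed sample value
$secure = ConvertTo-SecureString -String 'constructed-sample-value' -AsPlainText -Force
$blob   = ConvertFrom-SecureString -SecureString $secure
Test-SecureStringBlob -Blob $blob
```

Run it once in the console session where the blob was created and once from the account that executes the monitor script. A DPAPI blob that decrypts in the first and fails in the second has to be re-created under the second account or replaced by a Run As profile, as in the answer above.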
Can my MacBook Pro use boot camp with Windows 7 with BitLocker encryption?
I'm at wit's end with this, and I'm hoping I can get some advice here. I've read so many forums, posts and reviews that I'm not entirely sure what I can trust.
I have an early 2011 MacBook Pro (MacBookPro8,3). I need to run Windows encrypted for work purposes. It needs to be real windows with full-disk encryption (FDE). The business tools run in boot camp, but not in Parallels, because Parallels doesn't support DirectX 11. I would also benefit greatly from an SSD.
I do not want to do anything hacky like removing the Mac recovery partition, because I've read that just loading Disk Utility in OS X might mess up your partition boot tables as it tries to "fix" things. I don't want to have to manually recover to fix stuff or chance losing data.
I have read (and tried) installing BitLocker on Windows 7 Ultimate under boot camp, but ran into the partition limit on my internal HDD. A maximum of 4 partitions are allowed, and between OS X, its recovery, boot camp, and the Windows partition, all 4 are used.
I have considered one of the following, which may work:
1. Install OWC's Data Doubler Kit with an additional 240GB SSD (http://eshop.macsales.com/item/OWC/DDMBS6E240/). I would replace the internal SuperDrive with the HDD, and install the new SSD on the faster SATA 6G port. Windows would be installed on the SSD and OS X would stay on the HDD.
2. Replace the internal HDD with a new SSD (keeping the SuperDrive). I would lose OS X altogether and just have Windows installed.
3. Forget the entire thing and just buy a PC for work.
My thoughts are that with both options #1 and #2, I don't even know if these setups will allow BitLocker. In both cases, Windows will be the only partition on the drive, so I'm assuming that when BitLocker is installed, there will be room for the new partition it creates. With option #1, I'm pretty sure I'd still be using Boot Camp, but how would that work for option #2? Is boot camp used even though there is no Mac partition? Would I still need to keep the Mac Recovery partition for this to work? I'd probably need to use Boot Camp drivers under Windows, I think.
I'd certainly be interested in using a self-encrypting drive (SED), especially an SSD, but I'm concerned that most of them appear to require TPM or BIOS functions that Mac's EFI does not provide. Such a drive would allow me to drop BitLocker, but I would need to be sure the self-encryption actually works on this setup. From what I've read, most of the SED drives will work just fine under EFI, but you won't be able to set or access the encryption password, which pretty much makes these drives unencrypted.
I've read that BitLocker can be configured to use a flash drive as a decryption key, but I haven't been able to test that yet. I've tried creating bootable flash drives under Windows and OS X, and none of them seem to appear when I access the boot menu (hold option during boot chime). I don't even know if this system supports bootable USB flash drives, or whether they can be used as a BitLocker key under boot camp.
For the record, I have attempted to use an external thunderbolt drive as my Windows partition, but Windows doesn't want to be installed on removable media, and even if it worked, I believe you can only boot OS X from thunderbolt. I do have a second OS X install booting from the thunderbolt drive, so I know that works. Also, FileVault 2 is installed on my OS X partition, and I read something about FV2 using the Recovery partition somehow so you can't remove the recovery partition to make room for BitLocker.
So ... does anyone have any suggestions preferably based on personal experience as to whether options #1 or #2 should work for my needs?
At this point, I'm really thinking I should just bite the bullet and purchase a PC that I will forever look down upon.
Are you using a MacBook Pro? Is everything installed on the same drive?
I would love to know how that install was performed. When I install Windows under boot camp, my MacBook Pro drive ends up with 4 partitions: Mac, Mac Recovery, Windows, and a small partition that I believe is used by boot camp.
Installing BitLocker on Windows requires the creation of a new small partition that Windows will boot off. The small partition is unencrypted, while the primary Windows partition will get encrypted. The following post discusses the maximum partition issue: https://discussions.apple.com/message/22753791#22753791
Has anyone installed Windows through boot camp on its own drive, and if so, can BitLocker be installed on that without reaching any partition limit? I'm assuming that's possible, but would like to know before I spend hundreds on new hardware.