BitLocker clean up

Update 2021-03-12: I have corrected the description of this script to be more accurate.

I have used this script on PC clients in production to check whether BitLocker is already enabled and whether the necessary protectors have been created. If not, the script adds a TPM protector and a recovery password protector, and the recovery password is backed up to AD. The script also resumes BitLocker protection of the OS volume if it has been suspended.
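The steps described above, sketched as an added example with the standard BitLocker PowerShell cmdlets; this is not the author's script. It assumes an elevated session on a domain-joined client where policy permits TPM and recovery password protectors and backup of recovery information to AD, and it chooses to stop early on an unencrypted volume.

```powershell
#Requires -RunAsAdministrator
# Added example, not the script from this post.
# Assumptions: BitLocker module available, domain-joined client,
# policy allows TPM and recovery password protectors and AD backup.
$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $mount

# This example never starts encryption; it only repairs protectors.
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "$mount is not encrypted; nothing to clean up."
    return
}

# Treat Tpm, TpmPin, TpmNetworkKey etc. as "TPM protector present" so a
# TPM+PIN machine does not get a weaker TPM-only protector added.
$hasTpm = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' }
if (-not $hasTpm) {
    Add-BitLockerKeyProtector -MountPoint $mount -TpmProtector | Out-Null
}

# The cmdlet prints the new recovery password as a warning; suppress it
# so the password does not land in transcripts or deployment logs.
$hasRecovery = $vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $hasRecovery) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue | Out-Null
}

# Re-read the volume and back up every recovery password protector to AD.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    ForEach-Object {
        Backup-BitLockerKeyProtector -MountPoint $mount `
            -KeyProtectorId $_.KeyProtectorId | Out-Null
    }

# Resume protection if the encrypted OS volume was left suspended.
if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off') {
    Resume-BitLocker -MountPoint $mount | Out-Null
}

# Report the resulting state without printing protector secrets.
Get-BitLockerVolume -MountPoint $mount |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```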



2020-12-24 at 17:40

Thank you for your nice script! I have tested it and it did not trigger the encryption. How to allow the TPM protector and send the key to AD?

2021-03-12 at 11:36

Hi Lewis
Sorry for the late reply. I have corrected the description of the script…it does not start the encryption process after all. To modify which protectors are allowed you could set this with a GPO:
