Hi, We are going to enable BitLocker on our Vista SP1 workstations. The workstations are up and running with a c:\ d:\ and a s:\ partition which is the boot partition. So we need a script to enable BitLocker Drive Encryption on C:\ and D:\ and we want to save the recovery password in AD and use TPM + PIN (The TPM is activated). Can the manage-bde.wsf sciptbe used to do this? Any better way to do this? Please advice. Best regards,

Hi, Yes, you can use the Manage-bde.wsf script to encrypt data volumes. To view more detailed Help for this script, type the following command: cscript.exe %windir%\system32\manage-bde.wsf -h After you finish the guideline in the article Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information, recovery information (such as recovery passwords) will be automatically backed up to Active Directory whenever this information is created and changed. Hope it helps.