enablebitlocker.vbs does not work on Windows 7 computer
I have a Windows 2003 Active Directory domain, Windows 7 computer, Group Policies that require saving both TPM and Bitlocker passwords to AD. When I complete a manual installation, intializing TPM and encrpting with BitLocker, it works fine.
All keys are copied to AD and the drives are encrypted and TPM takes ownership.
However, after I run EnableBitLocker.vbs /on:tpm /l:C:\BitLocker.log the log file says:
Script processing started 7/22/2010 1:47:23 PM
Proper number of command line arguments passed to the script
-----------------------------------------------------------------------
---------------Executing with the following arguments------------------
-----------------------------------------------------------------------
Enable parameters: tpm
Logging location: c:\enablebde.log
Create recovery key: No recovery key use specified
Encryption method: 1
Create SMS status MIF's: No SMS status MIF's will be created
Reset TPM ownership: TPM ownership information will not be cleared
User prompting: Users will not be prompted for PIN or to insert USB key
-----------------------------------------------------------------------
Connection succeeded to MicrosoftTPM
Successfully retrieved a TPM instance from the Win32_TPM provider class
TPM found in the following state:
Enabled - False
Activated - True
Owned - False
Connection succeeded to MicrosoftVolumeEncryption
TPM found in the following state: Enabled - False, Activated - True, Owned - False. The volume has a protection status of: . . Script Completed Successfully
Script ended 7/22/2010 1:47:23 PM
Doesn't this script initialize TPM? I also tried it with the cscript command line and got the same results. Can someone help?
Thanks
Roblurker
July 22nd, 2010 8:59pm
Maybe it can help you,
http://technet.microsoft.com/en-us/library/dd875527(WS.10).aspx
Free Windows Admin Tool Kit Click here and download it now
July 26th, 2010 1:51am
Maybe it can help you,
http://technet.microsoft.com/en-us/library/dd875527(WS.10).aspx
July 26th, 2010 1:51am
Hey Rob,
not sure if you ever got this answered somewhere else but you will need to add /rk /promptuser after section. you need to have /rk to create the needed key and /promptuser just because you are using /rk but an prompt doesnt actually come up since you
are using only /tpm earlier in the command. hope this helps.
Dex
Free Windows Admin Tool Kit Click here and download it now
January 25th, 2011 2:14pm