runas and manage-bde.exe to set bitlocker pin?
I am trying to script the addition of a bitlocker pin on already encrypted drives. I can open a command prompt as an administrator and run: manage-bde.exe -protectors -add c: -tp 1234 and it works perfectly. However, if I open a command prompt as a normal user and then use ranas with the same account it fails. runas /user:domain\useraname "manage-bde.exe -protectors -add c: -tp 1234" I suspect it has something to do with UAC, but don't know what. Any ideas or alternatives are welcome.
February 6th, 2010 12:45am

I've looked in to it more and the issue is caused by UAC, runas is not the same.Anyone else have a solution for letting users set/change their bitlocker pin?manage-bde and wmi can be used, but they both require admin and I can't find a great way to elevate it in a way that would allow a regular user the ability to set their own pin.
Free Windows Admin Tool Kit Click here and download it now
February 6th, 2010 1:59am

This would be very helpful! I am enabling bitlocker via an OSD task sequence and adding a custom command line task to set a temp PIN. I can have our desktop builders help the user set one when they deliver the machine, however I wish there was a way in the gui for nonadmins to set this PIN! :(
March 11th, 2010 11:52pm

I am wondering if anyone has identified a way for nonadmin users to be able to reset their pin? It has been a few months since the above question was posted. We don't won't have much luck deploying PC's using the TPM + PIN if there is not a mechanism for allowing users to reset the PIN while in the field. I was suprised that after entering the recovery password there was not an option for resetting the PIN. If a user is unable to reset the they will have to call the helpdesk each time they turn on their PC. thanks
Free Windows Admin Tool Kit Click here and download it now
July 26th, 2010 10:37pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics