+ Reply to Thread
Results 1 to 3 of 3
  1. Junior Member
    Join Date
    May 2013
    Location
    Sydney Australia
    Posts
    14
    #1

    Default 70-411: BitLocker Protectors

    Hello



    I have completed the following procedure,

    This created the startup key which is fine
    Code:
    Manage-bde -protectors -add C: -startupkey :E

    I then encrypted the drive, which also worked
    Code:
    manage-bde -on C:
    Rebooted the server, once the server came back up I decided to add another protector

    I then ran these commands to add a password protector which worked
    Code:
    $SecureString = ConvertTo-SecureString "SomePassowrdInHere" -AsPlainText -Force
    Code:
    Add-BitLockerKeyProtector -MountPoint C: -PasswordProtector -Password $SecureString
    So then I ran
    Code:
    manage-bde -status
    You can see the two protectors


    When I reboot the server, I am never prompted to enter a password when the server starts

    What did I do wrong?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Mar 2012
    Location
    Kansas City
    Posts
    233

    Certifications
    MCSA: Server 2012/2016, MCSE: CP&I
    #2
    Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?
    2017 Goals: MCSA : Server 2016; MCSE: Cloud Platform and Infrastructure BOTH COMPLETED!
    2018 Goals: Security+
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    May 2013
    Location
    Sydney Australia
    Posts
    14
    #3
    Quote Originally Posted by poolmanjim View Post
    Do you have the "Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives \ 'Require additional authentication at startup'" policy enabled and configured?
    Yes this is enabled

    So I did some testing and I deleted the startup file from the E: drive and then when I rebooted the server it then started to ask for me for the startup password
    Last edited by mattsaundersmcp; 05-27-2017 at 12:13 AM.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks