I am in need of help regarding the PowerShell command Enable-BitLocker.
The following code is an example:
$pw = ConvertTo-SecureString "123456" -AsPlainText -Force
Enable-BitLocker -MountPoint $env:SystemDrive -EncryptionMethod Aes256 -Pin $pw -TpmAndPinProtector -UsedSpaceOnly -SkipHardwareTest -ErrorAction SilentlyContinue
Start-Sleep 2
(Get-BitLockerVolume -MountPoint $env:HOMEDRIVE).KeyProtector > $env:UserProfile\Desktop\BitLocker_Recovery_Key.txt
My problem is that the only output of this command is the following, in BitLocker_Recovery_Key.txt:
KeyProtectorId : {CC2206C6-1B69-4DC1-96FE-38EED6F576E1}
AutoUnlockProtector :
KeyProtectorType : TpmPin
KeyFileName :
RecoveryPassword :
KeyCertificateType :
Thumbprint :
My aim is to acquire the recovery password (48 string password) as a backup for my BitLocker encryption.
Thanks in advance!
I managed to solve my own problem after reading the Microsoft documentation of BitLocker a little bit more thoroughly.
It seems I have done every step required to automate the process, but in order to receive a recovery key, we need to add a recovery password protector (do note that adding a recovery password protector does not require us to actually submit a password, but only to receive a recovery password and a numerical password). The process of receiving the password is achieved by invoking the following command with PowerShell:
Invoke-Expression "Manage-bde -protectors -add <drive of choice or $i if in a loop> -RecoveryPassword"
Admin rights are required to activate the protector. The following is the output of the command manage-bde -protectors -get <$i or drive letter>:
Volume : []
All Key Protectors

    TPM And PIN:
      ID:
      PCR Validation Profile:

    Numerical Password:
      ID: id
      Password:
        password

    Numerical Password:
      ID: id
      Password:
        password
Only then can we use a recovery key with our method.
Do note that Enable-BitLocker or manage-bde -on <drive or $i> does not automatically produce a recovery password; we need to add the recovery password protector.
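
The step described in the answer, as an added example that is not part of the original posts: it uses the Add-BitLockerKeyProtector cmdlet in place of manage-bde, skips the add when a recovery password protector already exists (so repeated runs do not stack additional Numerical Password entries), and writes only the recovery protector to a backup file. The $BackupDir path is a hypothetical placeholder and should point at storage other than the encrypted volume.

```powershell
#Requires -RunAsAdministrator
# Added example. $BackupDir is a hypothetical location (assumption, not from
# the post); use removable or network storage, not the volume being encrypted.
param(
    [string]$MountPoint = $env:SystemDrive,
    [string]$BackupDir  = 'E:\BitLockerBackup'
)

function Get-RecoveryProtector {
    param([string]$MountPoint)
    # Return every protector of type RecoveryPassword on the volume (may be empty).
    @((Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

$protectors = Get-RecoveryProtector -MountPoint $MountPoint
if ($protectors.Count -eq 0) {
    # No password is supplied here; BitLocker generates the recovery password itself.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
        -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null
    $protectors = Get-RecoveryProtector -MountPoint $MountPoint
}

# Fail loudly instead of writing an empty backup file.
if ($protectors.Count -eq 0) {
    throw "No recovery password protector present on $MountPoint"
}

if (-not (Test-Path -LiteralPath $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir -ErrorAction Stop | Out-Null
}

# Write only the protector ID and its recovery password, not the TpmPin entry.
$outFile = Join-Path $BackupDir "BitLocker_Recovery_$($env:COMPUTERNAME).txt"
$protectors |
    Select-Object @{ n = 'Volume'; e = { $MountPoint } }, KeyProtectorId, RecoveryPassword |
    Format-List |
    Out-File -FilePath $outFile -Encoding ascii -ErrorAction Stop

Write-Output "Wrote $($protectors.Count) recovery protector(s) to $outFile"
```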